
Issue: HTTP protocol compliance failed: Unparsable request content

Description

Violations: HTTP protocol compliance failed
Sub Violation(s): HTTP protocol compliance failed: Unparsable request content
Attack Type: HTTP Parser Attack
 
When the "Illegal URL length" module is disabled, a URI that is too long can still be detected by the "Unparsable request content" module, as in this violation detail:
<violation>
<viol_index>14</viol_index>
<viol_name>VIOL_HTTP_PROTOCOL</viol_name>
<http_sanity_checks_status>65536</http_sanity_checks_status>
<http_sub_violation_status>65536</http_sub_violation_status>
<http_sub_violation>URL length: 2055 exceeded maximum limit of: 2048</http_sub_violation>

 

Environment

  • WAF

 

Cause

URL length: 2055 exceeded maximum limit of: 2048

 

Resolution

URL length is a system-wide variable and cannot be changed. The violation appears to occur because the application is sending an abnormally large number of URL parameters in a GET request.

We have two options to permit this traffic:
1. Disable the "Unparsable request content" sub-violation. This would permit this traffic but also introduce some additional exposure whereby the system will allow requests it cannot parse.
2. Disable the "Unparsable request content" sub-violation on a new policy applied specifically to URL /example.com. In this case, the exposure is limited to just this portion of the application, but it introduces administrative overhead of the additional policy.
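
To choose between the two options, it helps to know which URLs actually exceed the limit. The following is an added example, not part of the original article or the WAF product: a Python script that scans web server access logs and groups requests longer than 2048 characters by path, so that an exception can be scoped to the paths that need it. Assumptions: the logs use the common/combined format, the limit counts the full request target including the query string, and the sample entries are constructed.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

MAX_URL_LENGTH = 2048  # limit quoted in the violation detail on this page

# Request line inside a common/combined-format access log entry (assumed format).
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

def find_long_urls(lines, limit=MAX_URL_LENGTH):
    """Group over-limit requests by path.

    Returns {path: {"count": n, "max_len": m, "methods": set}}.
    Assumption: the limit applies to the whole request target (path + query).
    """
    hits = defaultdict(lambda: {"count": 0, "max_len": 0, "methods": set()})
    for line in lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue  # not a parsable access-log entry; skip it
        target = m.group("target")
        if len(target) <= limit:
            continue  # within the limit, would not raise this sub-violation
        path = urlsplit(target).path
        entry = hits[path]
        entry["count"] += 1
        entry["max_len"] = max(entry["max_len"], len(target))
        entry["methods"].add(m.group("method"))
    return dict(hits)

def build_sample_log():
    """Constructed sample entries; address, paths and parameters are made up."""
    def entry(method, target):
        return f'192.0.2.10 - - [01/Jan/2024:00:00:00 +0000] "{method} {target} HTTP/1.1" 200 512'
    long_query = "&".join(f"p{i}=v{i}" for i in range(300))  # well over 2048 chars
    return [
        entry("GET", "/index.html"),
        entry("GET", "/report/export?" + long_query),
        entry("GET", "/report/export?" + long_query + "&extra=1"),
        entry("GET", "/search?q=short"),
        entry("POST", "/report/export"),
    ]

if __name__ == "__main__":
    for path, info in sorted(find_long_urls(build_sample_log()).items()):
        print(f"{path}: {info['count']} request(s), longest {info['max_len']} chars, "
              f"methods {sorted(info['methods'])}")
```

If only one or two paths appear in the output, the per-URL policy in option 2 keeps the exposure limited to those paths.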

 
