WAF Request Body Size Limit
Information
Summary: |
Questions regarding WAF Request Body Size Limit between version 56.2 and .57 of the LoadMaster |
Environment: |
Product:LoadMaster Version:56.2 Platform: Any Application:Any |
Question/Problem Description: |
In 56.2 the "Request Body Size Limit" under any Virtual Service > WAF > Advanced properties > "Inspected HTTP POST Request Bodies". In there the limit of max 10MB was configurable. In .57 this was changed to allow up to 50MB. It also now shows a proper error message. |
Steps to Reproduce: |
In 56.2 post a file using cURL with a file bigger then the configured "Request Body Size Limit" |
Error Message: |
In version 56.2: 2022-07-22T18:33:25+00:00 lb100 wafd: [client X.X.X.X] ModSecurity: Request body (Content-Length) is larger than the configured limit (13107200). [hostname "X.X.X.X"] [uri "/"] [unique_id "ea5d8bcc-61fd-478f-b3f1-fd7bd935863a"] 13107200. This was the max allowed in that version.
In version .57: 2022-07-22T15:39:03+00:00 lb100 wafd: [client 10.0.11.131] ModSecurity: Request body no files data length is larger than the configured limit (1024).. Deny with code (413) [hostname "10.1.112.89"] [uri "/"] [unique_id "d75b3181-353c-4e4a-b75a-6dd4d6a314c9"] 1024. This was the configured value within the setting. |
Defect Number: | PD-19891 |
Enhancement Number: | |
Cause: | Text bug that was resolved in .57 and an enhancement to the product. |
Resolution: | In .57 this was changed to allow up to 50MB instead of 10. See details in patch notes. |
Workaround: | |
Notes: | LoadMaster 7.2.57.0 Release Notes – Kemp Support (kemptechnologies.com) |