WAF Request Body Size Limit

 

Information

 

Summary:

Questions regarding WAF Request Body Size Limit between version 56.2 and .57 of the LoadMaster

Environment:

Product: LoadMaster

Version: 56.2

Platform: Any

Application: Any

Question/Problem Description:

In 56.2, the "Request Body Size Limit" setting is found under any Virtual Service > WAF > Advanced properties > "Inspected HTTP POST Request Bodies".  There, a limit of at most 10MB was configurable.

In .57 this was changed to allow up to 50MB.  It also now shows a proper error message.

Steps to Reproduce:

In 56.2, post a file using cURL that is bigger than the configured "Request Body Size Limit"
curl -d @lorem.txt http://X.X.X.X
The file will be blocked but with the proper message in the log file


In .57, post a file using cURL that is bigger than the configured "Request Body Size Limit"
curl -d @lorem.txt http://X.X.X.X
The file will be blocked but with the proper message in the log file

Error Message:

In version 56.2:

2022-07-22T18:33:25+00:00 lb100 wafd: [client X.X.X.X] ModSecurity: Request body (Content-Length) is larger than the configured limit (13107200). [hostname "X.X.X.X"] [uri "/"] [unique_id "ea5d8bcc-61fd-478f-b3f1-fd7bd935863a"]

13107200.  This was the max allowed in that version.

 

In version .57:

2022-07-22T15:39:03+00:00 lb100 wafd: [client 10.0.11.131] ModSecurity: Request body no files data length is larger than the configured limit (1024).. Deny with code (413) [hostname "10.1.112.89"] [uri "/"] [unique_id "d75b3181-353c-4e4a-b75a-6dd4d6a314c9"]

1024.  This was the configured value within the setting.
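
For log triage, the two message formats quoted above can be parsed with one pattern. The following is an added example, not Kemp code: the function names and the third sample line are constructed here, and the pattern assumes only the two wordings shown in this article.

```python
import re
from collections import Counter

# First two lines are the log entries quoted in the article (56.2, then .57).
# The third is constructed here to show that unrelated wafd lines are skipped.
SAMPLE_LOG = [
    '2022-07-22T18:33:25+00:00 lb100 wafd: [client X.X.X.X] ModSecurity: Request body (Content-Length) is larger than the configured limit (13107200). [hostname "X.X.X.X"] [uri "/"] [unique_id "ea5d8bcc-61fd-478f-b3f1-fd7bd935863a"]',
    '2022-07-22T15:39:03+00:00 lb100 wafd: [client 10.0.11.131] ModSecurity: Request body no files data length is larger than the configured limit (1024).. Deny with code (413) [hostname "10.1.112.89"] [uri "/"] [unique_id "d75b3181-353c-4e4a-b75a-6dd4d6a314c9"]',
    '2022-07-22T15:40:00+00:00 lb100 wafd: [client 10.0.11.131] ModSecurity: Warning. [hostname "10.1.112.89"] [uri "/"] [unique_id "00000000-0000-0000-0000-000000000000"]',
]

V562_MAX_LIMIT = 13107200  # the article: "the max allowed in that version"

BODY_LIMIT = re.compile(
    r'^(?P<ts>\S+) (?P<lb>\S+) wafd: \[client (?P<client>[^\]]+)\] ModSecurity: '
    r'Request body (?P<kind>\(Content-Length\)|no files data length) is larger '
    r'than the configured limit \((?P<limit>\d+)\)\.+'
    r'(?: Deny with code \((?P<code>\d+)\))?'
)
TAG = re.compile(r'\[(\w+) "([^"]*)"\]')  # trailing [key "value"] pairs


def parse_body_limit_event(line):
    """Return a dict for a body-size rejection, or None for any other line."""
    m = BODY_LIMIT.match(line)
    if m is None:
        return None
    event = m.groupdict()
    event["limit"] = int(event["limit"])
    # The 56.2 wording quoted in the article carries no deny code; .57 does.
    event["code"] = int(event["code"]) if event["code"] else None
    # A logged limit equal to the 56.2 maximum may not be the configured value.
    event["limit_is_562_max"] = event["limit"] == V562_MAX_LIMIT
    event.update(TAG.findall(line[m.end():]))  # hostname, uri, unique_id
    return event


def rejections_by_client(lines):
    """Count body-size rejections per client address."""
    events = filter(None, map(parse_body_limit_event, lines))
    return Counter(e["client"] for e in events)


if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        print(parse_body_limit_event(entry))
    print(rejections_by_client(SAMPLE_LOG))
```
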

Defect Number: PD-19891
Enhancement Number:  
Cause: Text bug that was resolved in .57 and an enhancement to the product.
Resolution: In .57 this was changed to allow up to 50MB instead of 10.  See details in patch notes.
Workaround:  
Notes: LoadMaster 7.2.57.0 Release Notes – Kemp Support (kemptechnologies.com)
