WAF Request Body Size Limit
Questions regarding WAF Request Body Size Limit between version 56.2 and .57 of the LoadMaster
In 56.2 the "Request Body Size Limit" under any Virtual Service > WAF > Advanced properties > "Inspected HTTP POST Request Bodies". In there the limit of max 10MB was configurable.
In .57 this was changed to allow up to 50MB. It also now shows a proper error message.
|Steps to Reproduce:||
In 56.2 post a file using cURL with a file bigger then the configured "Request Body Size Limit"
In version 56.2:
2022-07-22T18:33:25+00:00 lb100 wafd: [client X.X.X.X] ModSecurity: Request body (Content-Length) is larger than the configured limit (13107200). [hostname "X.X.X.X"] [uri "/"] [unique_id "ea5d8bcc-61fd-478f-b3f1-fd7bd935863a"]
13107200. This was the max allowed in that version.
In version .57:
2022-07-22T15:39:03+00:00 lb100 wafd: [client 10.0.11.131] ModSecurity: Request body no files data length is larger than the configured limit (1024).. Deny with code (413) [hostname "10.1.112.89"] [uri "/"] [unique_id "d75b3181-353c-4e4a-b75a-6dd4d6a314c9"]
1024. This was the configured value within the setting.
|Cause:||Text bug that was resolved in .57 and an enhancement to the product.|
|Resolution:||In .57 this was changed to allow up to 50MB instead of 10. See details in patch notes.|
|Notes:||LoadMaster 18.104.22.168 Release Notes – Kemp Support (kemptechnologies.com)|