Buffer Overflow

Security -> Options: Application Security: Advanced Configuration: System Variables

  • long_request_buffer_size – specifies the longest request length supported by the system (default is 10 MB)
  • request_buffer_size – specifies the common request length supported by the system (default is 10 KB); see https://support.f5.com/csp/article/K7935

File Uploads

  • Once the parameter that the application uses for the file upload functionality has been identified and added to the respective URL, set its Data Type to “File Upload” and keep the Maximum Length value at “Any”, so that uploads of large files are supported: https://devcentral.f5.com/articles/file-uploads-and-asm
    • Take care not to exceed the defined buffer size, which would trigger the following violation:
      • Security ›› Application Security : Blocking : Settings : Request length exceeds defined buffer size
  • Possible File Types that can be added to the ASM policy

Security -> Application Security: File Types: Allowed File Types -> Add Allowed File Types

  1. Explicit (xml, xls, doc, or a regular expression to allow upper/lower case, for example)
  2. No Extension (shows as no_ext)
  3. Wildcard (Never, Selective, Add All Entities)

ICAP

  • To enable ICAP without affecting application performance
    • Turn off “Guaranteed Enforcement”
      • Security ›› Options : Application Security : Integrated Services : Anti-Virus Protection
      • The tradeoff is that, without Guaranteed Enforcement, if the ICAP server is unavailable the request will be denied/blocked, which affects the user experience
  • The default long_request_buffer_size is 10 MB; ASM will not send files larger than 10 MB to the ICAP server (but the value can be increased up to 20 MB)
  • Virus Detected policy default is Learn/Alarm/Block