Forum Discussion

tiwang
Apr 01, 2014

ASM module blocking legal request - need a bit of help to solve it the best way..

Hi out there, we have an application where our users have hit a limit which is causing the F5 ASM module (BigIP 11.3) to block the request because it is looking at it as a DoS attack - HTTP protocol compliance failed, where the ASM module's HTTP validation module has checked the maximum number of parameters to be too high in the request (5622 - and this must be items - not bytes):

 

Number of total parameters <5622> in request (query string and post-data) exceed maximum limitation

 

As far as I can see this must be a parameter I can increase a bit under Security -> Protocol Security -> Security Profiles -> HTTP Profile Properties and then under Request checks - or is this the wrong location? In that screen there is a length check defined for a query string of 1k and a post data length of 15360 kbytes - but not any specific for number of parameters??

 

Now - since I know from bad experience with this ASM module that it is not always obvious what to modify, I would try to ask here first before I just try to increase some parameters...

 

best regards /ti

 

4 Replies

  • You should set this configuration item per policy.

     

    Security -> Application Security -> Blocking -> Settings

     

    Then select the policy you want to modify.

     

    Under the RFC Violations section, there'll be a clickable 'HTTP Protocol Compliance Failed' option. Under this will be a configurable field for maximum number of parameters. Modify it here.

     

  • tiwang

    hi - thanks for the fast reply - you are right - there is a field there where the default is 2000 parameters - I will try to increase it to 6000

     

    thanks /ti

     

  • tiwang

    of course - cannot set it to 6000 - max is 5000 - hmm - suggestions? best regards /ti

     

  • I'm getting a protocol compliance failure on URL length, where do I adjust that? I know I can adjust these things on allowed Files but not sure about URLs.

     

    "Unparsable request content - URL length: 2925 exceeded maximum limit of: 2048"