Forum Discussion

uni's avatar
uni
Icon for Altostratus rankAltostratus
May 05, 2014

Scanning long requests

As described in sol14034, if I set EnableASMByPass to 1, and a request exceeds long_request_buffer_size, are the first (long_request_buffer_size) bytes scanned before bypassing the rest, or is none of the request scanned?

 

1 Reply

  • Bypass means bypass - if the request is larger then long_request_buffer_size then ASM module (along with scanning the content using attack signatures) is bypassed - the traffic will not flow through ASM. So no bytes will be be scanned.

     

    However, you cany enable enable enforcement of RFC compliance, geolocation, and IP reputation for large requests that exceed the long_request_buffer_size using enforce_rfc_in_long_request variable - descibed in the same solution sol14034