Bug ID 1085629: APM sends "HTTP body too big" reset message when POST body is greater than 64 KB

Last Modified: Apr 28, 2023

Affected Product(s):
BIG-IP APM(all modules)

Known Affected Versions:
15.1.0,,,,,, 15.1.1, 15.1.2,, 15.1.3,, 15.1.4,, 15.1.5,, 15.1.6,, 15.1.7, 15.1.8,,, 16.1.0, 16.1.1, 16.1.2,,, 16.1.3,,,,

Opened: Mar 09, 2022

Severity: 4-Minor


The first POST request with body size greater than 64 KB is dropped to prevent DoS attacks. In few scenarios, the APM drops second POST request (the authenticated request) with body size greater than 64 KB even with valid MRH session cookie.


The connection is reset. The reset cause is [F5RST: APM HTTP body too big]


- A client sends first POST message with body less than 64 KB and once access session is created, it sends second POST request containing body greater than 64 KB. - Use of browsers that does not support Java Script. - Custom client that will not consider and resend hidden dummy parameter value of POST body in "200 ok" response to my.policy from BIG-IP.



Fix Information


Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips