Bug ID 1085629: APM sends "HTTP body too big" reset message when POST body is greater than 64 KB

Last Modified: Jan 20, 2023

Bug Tracker

Affected Product:  See more info
BIG-IP APM(all modules)

Known Affected Versions:
15.1.0, 15.1.0.1, 15.1.0.2, 15.1.0.3, 15.1.0.4, 15.1.0.5, 15.1.1, 15.1.2, 15.1.2.1, 15.1.3, 15.1.3.1, 15.1.4, 15.1.4.1, 15.1.5, 15.1.5.1, 15.1.6, 15.1.6.1, 15.1.7, 15.1.8, 15.1.8.1, 16.1.0, 16.1.1, 16.1.2, 16.1.2.1, 16.1.2.2, 16.1.3, 16.1.3.1, 16.1.3.2, 16.1.3.3

Opened: Mar 09, 2022
Severity: 4-Minor

Symptoms

The first POST request with body size greater than 64 KB is dropped to prevent DoS attacks. In few scenarios, the APM drops second POST request (the authenticated request) with body size greater than 64 KB even with valid MRH session cookie.

Impact

The connection is reset. The reset cause is [F5RST: APM HTTP body too big]

Conditions

- A client sends first POST message with body less than 64 KB and once access session is created, it sends second POST request containing body greater than 64 KB. - Use of browsers that does not support Java Script. - Custom client that will not consider and resend hidden dummy parameter value of POST body in "200 ok" response to my.policy from BIG-IP.

Workaround

None

Fix Information

None

Behavior Change