Bug ID 516683: Cannot download files larger than 32MB via iControl REST

Last Modified: Oct 01, 2018

Bug Tracker

Affected Product:  See more info
BIG-IP TMOS(all modules)

Fixed In:
12.0.0

Opened: Apr 06, 2015
Severity: 2-Critical

Symptoms

Users cannot download large files of size more greater than 32MB due to restricted memory available for the REST daemon on BIG-IP

Impact

Possible denial of service attack because of the out of memory in REST daemon.

Conditions

Users requesting file download of size more than 32 MB through REST

Workaround

No known workaround. Mitigation was to error out file download request larger than 1 MB and enforce Content-Range based chunked download for larger files.

Fix Information

Previously REST daemon was attempting to load large files into memory even though there may not be enough memory as well as file size is exceeding upper limit 32 MB on the Rest Operation. This fix prevents REST daemon from loading any file larger than 1 MB without smaller chunks and possible denial of service attacks because of the out of memory.

Behavior Change