Bug ID 519053: Request is forwarded truncated to the server after answering challenge on a big request

Last Modified: Apr 10, 2019

Bug Tracker

Affected Product:  See more info
BIG-IP ASM(all modules)

Known Affected Versions:
11.4.1, 11.5.1, 11.5.1 HF1, 11.5.1 HF10, 11.5.1 HF11, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.5.1 HF6, 11.5.1 HF7, 11.5.1 HF8, 11.5.1 HF9, 11.5.2, 11.5.2 HF1, 11.5.3, 11.5.3 HF1, 11.5.3 HF2, 11.6.0, 11.6.0 HF1, 11.6.0 HF2, 11.6.0 HF3, 11.6.0 HF4, 11.6.0 HF5

Fixed In:
12.0.0, 11.6.0 HF6, 11.5.4

Opened: Apr 20, 2015
Severity: 3-Major

Symptoms

Large requests (over 5K) arrive truncated to the server when web scraping bot detection is enabled, or a brute force/session opening attack is ongoing with client-side mitigation.

Impact

The client side challenge mechanism causes a truncation of the request forwarded to the server. Only the first 5k of the request arrives to the server.

Conditions

The request size is between 5k-10k. Web scraping bot detection is turned on, or a brute force/session opening attack is ongoing with client-side mitigation.

Workaround

Change the internal parameter size max_raw_request_len to 10000.

Fix Information

The system's client-side challenge mechanism no longer truncates large requests (those over 5K) forwarded to the server.

Behavior Change