Bug ID 712857: SWG-Explicit rejects large POST bodies during policy evaluation

Last Modified: Nov 07, 2022

Bug Tracker

Affected Product:  See more info
BIG-IP SWG(all modules)

Known Affected Versions:
12.1.0, 12.1.0 HF1, 12.1.0 HF2, 12.1.1, 12.1.1 HF1, 12.1.1 HF2, 12.1.2, 12.1.2 HF1, 12.1.2 HF2, 12.1.3, 12.1.3.1, 12.1.3.2, 12.1.3.3, 12.1.3.4, 12.1.3.5, 13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3, 13.0.1, 13.1.0, 13.1.0.1, 13.1.0.2, 13.1.0.3, 13.1.0.4, 13.1.0.5, 13.1.0.6, 13.1.0.7, 13.1.0.8, 13.1.1, 13.1.1.2, 13.1.1.3, 13.1.1.4, 13.1.1.5, 13.1.3, 13.1.3.1, 13.1.3.2, 13.1.3.3, 13.1.3.4, 13.1.3.5, 13.1.3.6, 13.1.4, 13.1.4.1, 13.1.5, 13.1.5.1, 14.0.0, 14.0.0.1, 14.0.0.2, 14.0.0.3, 14.0.0.4, 14.0.0.5, 14.0.1, 14.0.1.1

Fixed In:
14.1.4.5, 14.1.0, 12.1.3.6

Opened: Mar 30, 2018
Severity: 3-Major

Symptoms

When an access profile of type SWG-Explicit is being used, there is a 128 KB limit on POST bodies while the policy is being evaluated. The system posts an error message similar to the following in /var/log/apm: err tmm[13751]: 01490514:3: (null):Common:00000000: Access encountered error: ERR_NOT_SUPPORTED. File: ../modules/hudfilter/access/access.c, Function: hud_access_process_ingress, Line: 3048

Impact

Unable to start an SWG-Explicit policy with a large POST body.

Conditions

This applies only during policy evaluation. After the policy has been set to 'Allow', there is no limit to the POST body.

Workaround

None.

Fix Information

Now, you can resolve this issue by modifying db variable 'tmm.access.maxrequestbodysize' to use a value larger than the maximum request size you want to support.

Behavior Change