Sochorn Chan Posted August 21, 2021 Share Posted August 21, 2021 Hi everyone, Anyone have faced an issue with WAF block file size over 100MB? I have issued with FTP can't upload file size larger 100Mb after apply WAF. Pls anyone advise the solution. Thanks Link to comment
0 Edwin Houben1709162231 Posted September 1, 2021 Share Posted September 1, 2021 Hi Sochron, Did you enable streaming? https://docs.citrix.com/en-us/citrix-adc/current-release/application-firewall/appendixes/streaming-support-for-request-processing.html Quote Citrix Web App Firewall supports a maximum post size of 20 MB without streaming. For better resource utilization, Citrix recommends you to enable streaming only for payloads greater than 20 MB. Also, the back-end server must accept the chunked requests if streaming is enabled. Link to comment
0 Sochorn Chan Posted September 13, 2021 Author Share Posted September 13, 2021 On 9/1/2021 at 3:39 PM, Edwin Houben1709162231 said: Hi Sochron, Did you enable streaming? https://docs.citrix.com/en-us/citrix-adc/current-release/application-firewall/appendixes/streaming-support-for-request-processing.html Hi Edwin, I couldn't login FTP portal after enabled streaming and our FTP serve-U is already enables mode stream. Do you have any other suggestion to check? Link to comment
0 Felipe Ruiz1709162764 Posted June 30, 2023 Share Posted June 30, 2023 I have the same problem, except that we don't have an FTP service but a file sharing platform (GoAnywhere). Uploads fail after 100 MB. I tried enabling "Streaming" but with that the web portal stops working properly. I also tried enabling "Exclude Upload Files From Security Checks" but nothing changes. @Sochorn ChanDid you find a solution for this? Link to comment
0 Felipe Ruiz1709162764 Posted August 1, 2023 Share Posted August 1, 2023 I'm sharing my findings in case someone else finds the same issue: Support engineer from Citrix was not able to explain why or where this restriction comes from, and of course he didn't provide a way to adjust the limit. Instead, he suggested a workaround consisting in a Bypass WAF policy to avoid WAF inspecting http requests that exceed certain body size, in this case is 20 MB. The policy is: (HTTP.REQ.FULL_HEADER + HTTP.REQ.BODY(20480000)).LENGTH>= (HTTP.REQ.FULL_HEADER.LENGTH + 20480000) And the action is the built-in: APPFW_BYPASS It works as intended, and now large files can be uploaded. A side benefit is that memory and cpu consumption doesn't increase with those large uploads as it happened before. However I'm a bit concern about this bypass policy could open a risk for potencial malicious traffic to get in... Another related finding: I saw the 110 MB limit when using v13.0. I recently upgraded to v13.1 and found that now the limit is 1.1 GB. Link to comment
0 Prashanth Vaddeboina Posted November 9, 2023 Share Posted November 9, 2023 On 8/1/2023 at 9:58 PM, Felipe Ruiz1709162764 said: I'm sharing my findings in case someone else finds the same issue: Support engineer from Citrix was not able to explain why or where this restriction comes from, and of course he didn't provide a way to adjust the limit. Instead, he suggested a workaround consisting in a Bypass WAF policy to avoid WAF inspecting http requests that exceed certain body size, in this case is 20 MB. The policy is: (HTTP.REQ.FULL_HEADER + HTTP.REQ.BODY(20480000)).LENGTH>= (HTTP.REQ.FULL_HEADER.LENGTH + 20480000) And the action is the built-in: APPFW_BYPASS It works as intended, and now large files can be uploaded. A side benefit is that memory and cpu consumption doesn't increase with those large uploads as it happened before. However I'm a bit concern about this bypass policy could open a risk for potencial malicious traffic to get in... Another related finding: I saw the 110 MB limit when using v13.0. I recently upgraded to v13.1 and found that now the limit is 1.1 GB. Hi Guido In v13.1, Is the limit of 1.1GB after enabling Bypass policy or without bypass policy? Link to comment
0 Felipe Ruiz1709162764 Posted December 13, 2023 Share Posted December 13, 2023 On 11/9/2023 at 9:54 AM, Prashanth Vaddeboina said: Hi Guido In v13.1, Is the limit of 1.1GB after enabling Bypass policy or without bypass policy? That limit was seen before enabling the bypass policy. As the name suggests, the purpose of the policy is to "bypass" that limitation. Link to comment
Question
Sochorn Chan
Hi everyone,
Anyone have faced an issue with WAF block file size over 100MB? I have issued with FTP can't upload file size larger 100Mb after apply WAF. Pls anyone advise the solution.
Thanks
Link to comment
6 answers to this question
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now