Can't upload large file size over 100Mb through WAF

[Sochorn Chan]

Hi everyone,

Anyone have faced an issue with WAF block file size over 100MB?  I have issued with FTP can't upload file size larger 100Mb after apply WAF. Pls anyone advise the solution.

Thanks 

[Edwin Houben1709162231]

Hi Sochron,

 

Did you enable streaming?

 

https://docs.citrix.com/en-us/citrix-adc/current-release/application-firewall/appendixes/streaming-support-for-request-processing.html

 

Quote

Citrix Web App Firewall supports a maximum post size of 20 MB without streaming. For better resource utilization, Citrix recommends you to enable streaming only for payloads greater than 20 MB. Also, the back-end server must accept the chunked requests if streaming is enabled.

 

[Sochorn Chan]

On 9/1/2021 at 3:39 PM, Edwin Houben1709162231 said:

Hi Sochron,

 

Did you enable streaming?

 

https://docs.citrix.com/en-us/citrix-adc/current-release/application-firewall/appendixes/streaming-support-for-request-processing.html

 

 

Hi Edwin,

I couldn't login FTP portal after enabled streaming and our FTP serve-U is already enables mode stream. Do you have any other suggestion to check? 

[Felipe Ruiz1709162764]

I have the same problem, except that we don't have an FTP service but a file sharing platform (GoAnywhere). Uploads fail after 100 MB. I tried enabling "Streaming" but with that the web portal stops working properly. I also tried enabling "Exclude Upload Files From Security Checks" but nothing changes.

 

@Sochorn ChanDid you find a solution for this?

[Felipe Ruiz1709162764]

I'm sharing my findings in case someone else finds the same issue:

Support engineer from Citrix was not able to explain why or where this restriction comes from, and of course he didn't provide a way to adjust the limit. Instead, he suggested a workaround consisting in a Bypass WAF policy to avoid WAF  inspecting http requests that exceed certain body size, in this case is 20 MB. The policy is:

(HTTP.REQ.FULL_HEADER + HTTP.REQ.BODY(20480000)).LENGTH>= (HTTP.REQ.FULL_HEADER.LENGTH + 20480000)

And the action is the built-in:  APPFW_BYPASS

 

It works as intended, and now large files can be uploaded. A side benefit is that memory and cpu consumption doesn't increase with those large uploads as it happened before. However I'm a bit concern about this bypass policy could open a risk for potencial malicious traffic to get in...

 

Another related finding: I saw the 110 MB limit when using v13.0. I recently upgraded to v13.1 and found that now the limit is 1.1 GB.

[Prashanth Vaddeboina]

On 8/1/2023 at 9:58 PM, Felipe Ruiz1709162764 said:

I'm sharing my findings in case someone else finds the same issue:

Support engineer from Citrix was not able to explain why or where this restriction comes from, and of course he didn't provide a way to adjust the limit. Instead, he suggested a workaround consisting in a Bypass WAF policy to avoid WAF  inspecting http requests that exceed certain body size, in this case is 20 MB. The policy is:

(HTTP.REQ.FULL_HEADER + HTTP.REQ.BODY(20480000)).LENGTH>= (HTTP.REQ.FULL_HEADER.LENGTH + 20480000)

And the action is the built-in:  APPFW_BYPASS

 

It works as intended, and now large files can be uploaded. A side benefit is that memory and cpu consumption doesn't increase with those large uploads as it happened before. However I'm a bit concern about this bypass policy could open a risk for potencial malicious traffic to get in...

 

Another related finding: I saw the 110 MB limit when using v13.0. I recently upgraded to v13.1 and found that now the limit is 1.1 GB.

Hi Guido

 

In v13.1, Is the limit of 1.1GB after enabling Bypass policy or without bypass policy? 

[Felipe Ruiz1709162764]

On 11/9/2023 at 9:54 AM, Prashanth Vaddeboina said:

Hi Guido

 

In v13.1, Is the limit of 1.1GB after enabling Bypass policy or without bypass policy? 

 

That limit was seen before enabling the bypass policy. As the name suggests, the purpose of the policy is to "bypass" that limitation.