Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

413 Request entity too large

In the WAF configuration If an user upload a file greater than 1 Mb receives the error 
Request body no files data length is larger than the configured limit - 413 Request entity too large

 

I found in the UTM you can modify the squid.conf-default, but I didn´t fine anythig about th XG.

 

Someone will know how to increase the Mb??



This thread was automatically locked due to age.
  • Lol now that you reminded me I did, I can remember the class.......awe the memories.........

     

    Respectfully, 

     

    Badrobot

     

  • I got an update for my case:

     

    "With respect to the WAF issue, the XG according to our support L3 has a default 1MB load limit. You can modify that by SQL in the DB of the XG (postgres)

    Our L3 will continue with the support and shield the corresponding modifications."

     

    I´ll tell you more as soon as I know something else.

  • Sounds good Jessy,

     

    thanks for update.

  • Please let me know how that works out for you. 

    We've updated the profile record several times and have even run the waf_reconfig opcode to force an update.

    Sadly, once any changes to the config through the GUI are made everything goes back to default. not so good....

    I wouldn't doubt that the Engineers/Developers are working on our two tickets as one so when you hear something so will I or vice versa.

  • I have an XG at home that I could test this on, just let me know step by step what you are looking for and how to confirm it?

     

    Learning is fun lol.....

     

    Also, I only ask because I am following some of what you got here but I went into the /cfs/waf/reverseproxy.conf and noticed I have "SecRequestBodyNofilesLimit 10485760"  set.  So are you saying that this aspect is getting ignored in the WAF and the setting is being pulled from another config such as the base.conf?  

     

     

    Respectfully, 

     

    Badrobot

     

  • I'd be very curious to learn what you're seeing..

    I'm suggesting that the value in mine continually reverts back to 1048576 whenever a change is applied to the policy in the GUI.

    For instance if you add an exception to the WAF protection policy (for example, 981200) you are using and then click save.. (you can remove it later..)

    Now go back and look at your reverseproxy.conf and the db record for that policy..

    You can look at the policy records with:  psql -U nobody -d corporate -xc "select * from tblwafsecurityprofile"

    Take a look and see if it's still at 10485760 in the sec_request_body_no_files_limit in the db and SecRequestBodyNofilesLimit in the reverseproxy.conf or if the values have gone back down to 1048576.

    If you have multiple policies like we do, The reversion only takes place on the policy that is updated and then saved. meaning that the values in the other policy records wont be changed because you aren't editing their parent policy.

  • I checked and the policy did change to the 1048576 in both the reverseproxy.conf and db.  

    Respectfully, 

     

    Badrobot

     

  • Thanks for doing that test I appreciate it....

    Good to know I'm not the only one seeing this behavior.

    I'm hopeful that we will have an answer soon,

    I had a top level guy on the phone banging around on this XG and even he said that he had to pass the logs over to the developers for analysis.

    Id be curious to learn if you to enter SecRequestBodyNofilesLimit 10485760 just below the SecRequestBodyLimit 1073741824 entry in the /usr/apache/conf/waf/base.conf file and then do another change to your policy if it would do it and apply the new setting to the reverseproxy.conf and db

    IDK if the WAF service would then need to be restarted to apply the changes.. I'd assume not, but if so you would need to do a  "service WAF:restart -ds nosync" 

    Ultimately that's what I really would like to see tested.

  • I think I'll be firing up a VM and trying it myself as well.. 

    I think that if this is correct it would be a useful addition to the KB.

    Let me know if you had a chance to try it out.

    Your reply could save me a ton of time wasted spinning up a VM and pushing my other projects aside.

    Thanks again for checking it out.

  • I attempted to add the 

     

    SecRequestBodyNofilesLimit 10485760 right under the SecRequestBodyLimit in the base.conf  but I cannot seem to save the conf file, even with :wq!

    Respectfully, 

     

    Badrobot