Jump to content
Welcome to our new Citrix community!
  • 1

Can't upload large file size over 100Mb through WAF


Sochorn Chan

Question

6 answers to this question

Recommended Posts

  • 0

Hi Sochron,

 

Did you enable streaming?

 

https://docs.citrix.com/en-us/citrix-adc/current-release/application-firewall/appendixes/streaming-support-for-request-processing.html

 

Quote

Citrix Web App Firewall supports a maximum post size of 20 MB without streaming. For better resource utilization, Citrix recommends you to enable streaming only for payloads greater than 20 MB. Also, the back-end server must accept the chunked requests if streaming is enabled.

 

Link to comment
  • 0
On 9/1/2021 at 3:39 PM, Edwin Houben1709162231 said:

Hi Edwin,

I couldn't login FTP portal after enabled streaming and our FTP serve-U is already enables mode stream. Do you have any other suggestion to check? 

Link to comment
  • 0

I'm sharing my findings in case someone else finds the same issue:

Support engineer from Citrix was not able to explain why or where this restriction comes from, and of course he didn't provide a way to adjust the limit. Instead, he suggested a workaround consisting in a Bypass WAF policy to avoid WAF  inspecting http requests that exceed certain body size, in this case is 20 MB. The policy is:

(HTTP.REQ.FULL_HEADER + HTTP.REQ.BODY(20480000)).LENGTH>= (HTTP.REQ.FULL_HEADER.LENGTH + 20480000)

And the action is the built-in:  APPFW_BYPASS

 

It works as intended, and now large files can be uploaded. A side benefit is that memory and cpu consumption doesn't increase with those large uploads as it happened before. However I'm a bit concern about this bypass policy could open a risk for potencial malicious traffic to get in...

 

Another related finding: I saw the 110 MB limit when using v13.0. I recently upgraded to v13.1 and found that now the limit is 1.1 GB.

Link to comment
  • 0
On 8/1/2023 at 9:58 PM, Felipe Ruiz1709162764 said:

I'm sharing my findings in case someone else finds the same issue:

Support engineer from Citrix was not able to explain why or where this restriction comes from, and of course he didn't provide a way to adjust the limit. Instead, he suggested a workaround consisting in a Bypass WAF policy to avoid WAF  inspecting http requests that exceed certain body size, in this case is 20 MB. The policy is:

(HTTP.REQ.FULL_HEADER + HTTP.REQ.BODY(20480000)).LENGTH>= (HTTP.REQ.FULL_HEADER.LENGTH + 20480000)

And the action is the built-in:  APPFW_BYPASS

 

It works as intended, and now large files can be uploaded. A side benefit is that memory and cpu consumption doesn't increase with those large uploads as it happened before. However I'm a bit concern about this bypass policy could open a risk for potencial malicious traffic to get in...

 

Another related finding: I saw the 110 MB limit when using v13.0. I recently upgraded to v13.1 and found that now the limit is 1.1 GB.

Hi Guido

 

In v13.1, Is the limit of 1.1GB after enabling Bypass policy or without bypass policy? 

Link to comment

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...