Limitations brought on by request body size minimum.

wesley.johnston
Level 1

Hello, I'm a TSE with Symantec's DLP product and I was hoping to get a solution to issues that come up with the minimum request body size as mentioned in chapter 11 of the WSA_6.3.0_GA_userGuide_IronPort.pdf (chapter 12 in the 7.1 guide, and the instructions are the same), where it states the following:

"The default minimum request body size is 4 KB (4096 bytes) for both CLI commands. Valid values are 1 to 64 KB. The size you specify applies to the entire size of the upload request body."

Which is 19 out of 20 times fine in a real-world environment. However, I find many security engineers still have hangups that any violating data under 1kb (a txt with 30 names and SSNs comes to mind that wound up being 1020 bytes, just shy of the limit) will just be posted without question to be a deal breaker when it comes to implementing DLP web prevent, and instead we are forced to use a component such as a network monitor that is not as effective as web prevent would otherwise be would this limit be somehow circumvented. Is this hard coded, or could we in fact choose the limit to be less than 1kb?

Erik Kaiser
Cisco Employee

Hi Wesley,

DLP's lowest setting is 1kb.

Sincerely,

Erik Kaiser
WSA CSE
WSA Cisco Forums Moderator

Vance Kwan
Cisco Employee

Hi Wesley,

You may SSH to the WSA and use the command 'externaldlpconfig'. It lets you input the minimum size in bytes. I've changed this as low as 10 bytes. Though I have not actually tested it to see if it really does send 10 bytes, the prompt suggests that you may.

Don't forget to use the 'commit' command to commit the changes.

-Vance

Vance,

This sounds very promising.  I do not actually have WSA to work with directly so can you provide some specific syntax as to how this would be changed to say 10 bytes?   Also what would the effect be of saving a change from the GUI as it has the minimum of 1k?  Would it revert the setting to 1kb again?

Hi Wesley,

It is as easy as it sounds.

SSH to the M1 interface of the WSA and log on.

The command is 'externaldlpconfig'.  It will ask for the minimum size in which you can simply input 10 (or even 1).  Press enter until you get back to the main prompt.  Then use the command 'commit' to save the changes.

I worked with a customer and confirmed that ICAP data was being sent to Vontu DLP with a setting of 10 bytes as the minimum.  I haven't counted the bytes, but he simply inputted 2 fake CC #'s to test in Gmail and sent it.

The only known issue with DLPs and the WSA was the X-authenticated-user header being sent in a non-RFC standard. This has been corrected as of version 7.5.1-079 on the WSA.

-Vance
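
Added example, not part of the thread and not Cisco or Symantec code: a way to count the bytes of a test upload before picking a minimum, since the guide says the size applies to the entire upload request body rather than to the file inside it. It assumes a body is forwarded to the external DLP server when its length is at least the configured minimum; the sample data, field names and helper functions are constructed for illustration.

```python
from urllib.parse import urlencode

def multipart_body(field, filename, content, boundary="x" * 32):
    """Build a multipart/form-data body for one file field, as a browser upload does."""
    head = (f"--{boundary}\r\n"
            f'Content-Disposition: form-data; name="{field}"; filename="{filename}"\r\n'
            "Content-Type: text/plain\r\n\r\n").encode()
    tail = f"\r\n--{boundary}--\r\n".encode()
    return head + content + tail

def form_body(fields):
    """Build an application/x-www-form-urlencoded body (typical webmail POST)."""
    return urlencode(fields).encode()

def scanned(body, minimum_bytes):
    # Assumption: the proxy compares the whole request body length to the minimum.
    return len(body) >= minimum_bytes

def sample_file():
    """Constructed 1020-byte text file: 30 lines of name + placeholder SSN."""
    lines = [("Test Person %02d" % i).ljust(22) + "000-00-0000\n" for i in range(30)]
    return "".join(lines).encode()

def sample_bodies():
    """Constructed test uploads: the file from the question and a two-card webmail post."""
    return {
        "file_upload": multipart_body("file", "names.txt", sample_file()),
        # Well-known test card numbers, not real accounts.
        "webmail_form": form_body({"to": "a@example.com",
                                   "body": "4111111111111111 5555555555554444"}),
    }

def coverage_gaps(bodies, minimums):
    """Map each candidate minimum to the test bodies that would NOT be scanned."""
    return {m: [name for name, b in bodies.items() if not scanned(b, m)]
            for m in minimums}

if __name__ == "__main__":
    bodies = sample_bodies()
    for name, b in bodies.items():
        print(f"{name}: {len(b)} bytes")
    # 4096 = default, 1024 = lowest value in the guide, 10 = value set via the CLI.
    for minimum, missed in coverage_gaps(bodies, [4096, 1024, 10]).items():
        print(f"minimum {minimum}: unscanned -> {missed or 'none'}")
```

The 1020-byte file exceeds 1 KB once multipart framing is added, while the short webmail form post is only covered by the byte-level setting.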