Uploading files larger than 8KB may hang when the request content type is 'application/octet-stream' and signatures are bound to the AppFirewall profile.
The ns.log shows that the traffic is not being blocked when the signature is bound; however, the upload still fails:
Sep 15 13:20:22 <local0.info> 10.10.10.1 CEF:0|Citrix|NetScaler|NS11.1|APPFW|APPFW_POLICY_HIT|6|src=10.10.20.1 spt=42439 method=POST request=https://abc.citrixlab.com/jira/rest/servicedesk/1/servicedesk/customer/comment/tempfile?filename\=user_manual.pdf&size\=13233209&atl_token\=BJ1H-XOPX-MNZM-FRR9%7C4a297430b9fa2e5c9f55aca9de4f7fe397060254%7Clin&projectId\=10103 msg=Application Firewall profile invoked cn1=215501323 cn2=65857233 cs1=MYRSCS_P_APPFW_PRO_default cs2=PPE0 cs4=ALERT cs5=2017 act=not blocked
The POST request that uploads the file user_manual.pdf is shown below:
POST /jira/rest/servicedesk/1/servicedesk/customer/comment/tempfile?filename=user_manual.pdf&size=13233209&atl_token=BJ1H-XOPX-MNZM-FRR9%7C57cc5f7331b68e2112fbbca04d86d7516eeaf980%7Clin&projectId=10103 HTTP/1.1
Host: abc.citrixlab.com
Connection: keep-alive
Content-Length: 13233209
Origin: https://abc.citrixlab.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36
Content-Type: application/octet-stream
Accept: */*
DNT: 1
Referer: https://abc.citrixlab.com/jira/servicedesk/customer/portal/2/create/56
Accept-Encoding: gzip, deflate, br
Accept-Language: de-DE,de;q=0.8,en-US;q=0.6,en;q=0.4
Cookie: seraph.rememberme.cookie=11029%3A648cb6489242d88698383012508e6a147c4bd67d; JSESSIONID=3F5347EC4C07B1C32CA91EA6ED35775C; atlassian.xsrf.token=BJ1H-XOPX-MNZM-FRR9|57cc5f7331b68e2112fbbca04d86d7516eeaf980|lin
NetScaler AppFirewall profile settings:
add appfw profile MYRSCS_P_APPFW_PRO_default -startURLAction none -denyURLAction none -fieldFormatAction none -bufferOverflowMaxURLLength 2048 -doSecureCreditCardLogging OFF -responseContentType "application/octet-stream" -XMLSQLInjectionAction none -XMLXSSAction none -XMLWSIAction none -XMLValidationAction none -signatures myrscs_p_appfw_sig_default -errorURL "https://www.abc.com/error_404" -logEveryPolicyHit ON -exemptClosureURLsFromSecurityChecks OFF -defaultCharSet utf-8 -postBodyLimit 4294967295 -canonicalizeHTMLResponse OFF -enableFormTagging OFF
If you unbind the signature, the upload works.
To fix issue #695555, upgrade to NetScaler 11.1 56_X+ or 12.0 56_X+.
Because the TCP buffer size is 8KB, uploading more than 8KB when request body signatures are enabled on the NetScaler AppFirewall profile causes the application to hang. This happens because NetScaler advertises "TCP window Full" to the client after the client sends the first 8KB.
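To find which uploads in ns.log match this symptom, the following added example (not Citrix code) parses the CEF lines, including the escaped "\=" inside the request field, and lists POSTs that were "not blocked" but declare a size above 8KB. It assumes the application passes the upload size in a "size" query parameter, as the request above does; the log does not record Content-Type, so the result is a candidate list to confirm against a trace.

```python
import re
from urllib.parse import urlsplit, parse_qs

TCP_BUFFER = 8 * 1024  # the 8KB buffer size named in the article

# Constructed sample lines modelled on the ns.log entry above (token omitted).
SAMPLE_LOG = r"""
Sep 15 13:20:22 <local0.info> 10.10.10.1 CEF:0|Citrix|NetScaler|NS11.1|APPFW|APPFW_POLICY_HIT|6|src=10.10.20.1 spt=42439 method=POST request=https://abc.citrixlab.com/jira/rest/servicedesk/1/servicedesk/customer/comment/tempfile?filename\=user_manual.pdf&size\=13233209&projectId\=10103 msg=Application Firewall profile invoked cn1=215501323 cn2=65857233 cs1=MYRSCS_P_APPFW_PRO_default cs2=PPE0 cs4=ALERT cs5=2017 act=not blocked
Sep 15 13:21:05 <local0.info> 10.10.10.1 CEF:0|Citrix|NetScaler|NS11.1|APPFW|APPFW_POLICY_HIT|6|src=10.10.20.1 spt=42440 method=POST request=https://abc.citrixlab.com/jira/rest/servicedesk/1/servicedesk/customer/comment/tempfile?filename\=note.txt&size\=512&projectId\=10103 msg=Application Firewall profile invoked cn1=215501324 cn2=65857234 cs1=MYRSCS_P_APPFW_PRO_default cs2=PPE0 cs4=ALERT cs5=2017 act=not blocked
"""

# An unescaped "key=" at the start or after whitespace; "\=" inside a value never matches.
KEY_RE = re.compile(r"(?:^|\s)(\w+)=")

def parse_cef(line):
    """Return (header fields, extension dict) for a CEF line, or None."""
    _, sep, cef = line.partition("CEF:")
    parts = cef.split("|", 7)
    if not sep or len(parts) < 8:
        return None
    ext, fields = parts[7], {}
    keys = list(KEY_RE.finditer(ext))
    for i, m in enumerate(keys):
        end = keys[i + 1].start() if i + 1 < len(keys) else len(ext)
        # Values may contain spaces (msg=...) and CEF-escaped "=" or "\".
        fields[m.group(1)] = re.sub(r"\\([=\\])", r"\1", ext[m.end():end].strip())
    return parts[:7], fields

def stalled_upload_candidates(log_text, threshold=TCP_BUFFER):
    """POSTs the firewall did not block whose declared size exceeds the buffer."""
    hits = []
    for line in log_text.splitlines():
        parsed = parse_cef(line)
        if not parsed:
            continue
        header, f = parsed
        if header[4] != "APPFW" or f.get("method") != "POST" or f.get("act") != "not blocked":
            continue
        query = parse_qs(urlsplit(f.get("request", "")).query)
        raw = query.get("size", [""])[0]  # assumption: upload size is sent as ?size=
        size = int(raw) if raw.isdigit() else 0
        if size > threshold:
            hits.append((f.get("src"), f.get("cs1"), query.get("filename", [""])[0], size))
    return hits

if __name__ == "__main__":
    for hit in stalled_upload_candidates(SAMPLE_LOG):
        print(hit)
```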