Multi-part form data is blocked by AppFW with "Malformed multi-part request"
Article ID: CTX237872
Description
After upgrading to NetScaler 11.1 Build 58.13 nc+, a large amount of traffic is blocked by the AppFW feature with the reason "Malformed multi-part request".
The following entries appear in ns.log:
Jul 17 19:01:33 <local0.info> 192.168.253.1 07/17/2018:11:01:33 GMT XXX 0-PPE-4 : default APPFW AF_MALFORMED_REQ_ERR 588998 0 : XX.XX.XX.XX 21371725-PPE4 vU/ca5QwqDy+aCi/PZ5XNTZKJcs0004 test_learn Malformed multi-part request - connection reset <blocked>
In the nstrace, the traffic is reset by NetScaler with reset code 9856. The appfwreq_err_multipart_incomp_boundary counter also increases in newnslog.
Resolution
To avoid the reset, bypass the check for multi-part/form-data.
Navigate to Security > Application Firewall > Profile > Edit your profile > Profile Settings > Inspected Content Type > Multi-part/form-data
Problem Cause
This is due to strict parsing, which is fixed in NetScaler Build 11.1_58.13+.
The multi-part payload sent by the client is missing '\r\n' at the end, which causes AppFW to reset the traffic.
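
The framing condition described above can be checked offline against a captured request body. The following is an added example, not Citrix code: it assumes that "at the end" means directly after the closing `--boundary--` delimiter, and the function names and sample bodies are constructed for illustration.

```python
import re

CRLF = b"\r\n"

def boundary_from_content_type(content_type):
    """Return the boundary parameter of a multipart Content-Type header as bytes."""
    m = re.search(r'boundary="?([^";]+)"?', content_type, re.IGNORECASE)
    if not m:
        raise ValueError("Content-Type has no boundary parameter")
    return m.group(1).strip().encode("ascii")

def check_multipart_framing(content_type, body):
    """Return a list of framing problems; an empty list means strictly framed."""
    delim = b"--" + boundary_from_content_type(content_type)
    close = delim + b"--"
    problems = []
    if not body.startswith(delim + CRLF):
        problems.append("first delimiter line is missing or malformed")
    idx = body.rfind(close)
    if idx == -1:
        problems.append("closing delimiter is missing")
        return problems
    if body[max(idx - 2, 0):idx] != CRLF:
        problems.append("closing delimiter is not preceded by CRLF")
    tail = body[idx + len(close):]
    if tail == b"":
        # Assumed to be the case in this article: body stops right after "--boundary--".
        problems.append("missing CRLF after closing delimiter")
    elif tail != CRLF:
        problems.append("unexpected bytes after closing delimiter")
    return problems

# Constructed sample input (not taken from a real capture).
CONTENT_TYPE = "multipart/form-data; boundary=ConstructedBoundary7MA4"
GOOD_BODY = (
    b"--ConstructedBoundary7MA4\r\n"
    b'Content-Disposition: form-data; name="field1"\r\n'
    b"\r\n"
    b"value1\r\n"
    b"--ConstructedBoundary7MA4--\r\n"
)
BAD_BODY = GOOD_BODY[:-2]  # same body without the final CRLF

if __name__ == "__main__":
    for name, body in (("good", GOOD_BODY), ("bad", BAD_BODY)):
        print(name, check_multipart_framing(CONTENT_TYPE, body) or "ok")
```

Running it over request bodies extracted from the nstrace shows which clients send the unterminated payload, which helps scope the bypass.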