"URI Path Length Too Long" IPS events appears in Deep Security Agent (DSA)

Product / Version includes:

Deep Security9.6 , Deep Security10.2 , Deep Security10.1 , Deep Security10.0 , Deep Security9.5 , Deep Security10.3

Last updated: 2021/08/28

Solution ID: KA-0008193

Category: Troubleshoot

Summary

The IPS Rule "1000763-URI Length Restriction" has not been implemented, but users still see multiple "URI Path Length Too Long" IPS events.

The Event "URI Path length too long" is triggered when the Path length is greater than 512 characters. This is an Engine-level trigger and will be triggered if you have enabled the DPI rule "1000128 - HTTP Protocol Decoding". Refer to this article for more information on this DPI rule: Understanding the Deep Packet Inspection (DPI) errors generated in Deep Security

The DPI rule '1000763 - URI Length Restriction' could be used to circumvent the 'URI Path Length Too Long' engine events.

The "Details" section of the DPI rule "1000128 - HTTP Protocol Decoding" provides information on how to override engine behavior when Path length is greater than 512 characters.

To resolve this, you need to assign DPI "1000763 - URI Length Restriction" to override "URI Path length too long" for instances that the Path length is greater than 512 characters. The rule has configuration options to change the "Maximum URI path length" and "Maximum number of directory levels in URI path" which is set to 1024 and 100 respectively by default. These numbers can be changed or updated by the customer as allowed by the Web Server or depends on their requirement to block or deny HTTP Traffic.

Was this article helpful?

Featured

Automation Center

Education Portal

Online Help Center

Service Status

TrendConnect

"URI Path Length Too Long" IPS events appears in Deep Security Agent (DSA)

"URI Path Length Too Long" IPS events appears in Deep Security Agent (DSA)

Product / Version includes:

Summary