Showing results for 
Search instead for 
Did you mean: 

Service Protection Class and reporting


Service Protection Class and reporting


we are using a service protection class, and some of the requests are rejected (due to some limits we have in this service protection class).

This seems to me working fine.

27/Jan/2015:08:55:36 +0100 DOS Service Protection Class tp_service_protection: Request from rejected because of request size

But is there a way to find out, which request is blocked? i can't find any information in one of the logs.

I don't even find, which setting from the service protection class is responsible for this rejecting (http-header size? http-url length? )

Any ideas?


Jochen Maurer

Frequent Contributor

Re: Service Protection Class and reporting


     Apologies for the late reply - I went back to the Engineering team for guidance, and with all the Brocade acquisition stuff, it fell off my radar.

As an aside, I have raised an internal bug to have the actual setting strings logged in the message as well to make it easier to decode for administrators...

Which Setting?

The "HTTP Specific Settings" section has 6 attributes it can check.  Each generates a corresponding report message in the log. 

The correspondences are:

       http!check_rfc2396  -->  "URL broke RFC 2396"

       http!max_body_length  -->  "rejected because of body data size"

       http!max_header_length  -->  "rejected because of header size"

       http!max_request_length  -->  "rejected because of request size"

       http!max_url_length  -->  "rejected because of URL size"

       http!reject_binary  -->  "contained binary data"

(This is the current text in version 9.9; )

So the "rejected because of request size" message is from a violation of the "http!max_request_length" setting.

Which Request?

The "debug" setting in the Service Protection Class gives more information for some violations (such as http!max_header_length exceeded), but not for violations of http!max_request_length.

But we can handle these requests using TrafficScript.  The documentation for "http.getRequest()" (on the TS help page https://localhost:9090/apps/zxtm/help.fcgi?section=TrafficScript%20Reference#http.getRequest) is an example of exactly this:

# Check that the request is not too big

# for our servers

$request = http.getRequest();

if( string.len( $request ) > 2048 ) {

   http.sendResponse( "413 Request too large",


                      "Request too large", "" );



1. Put that in a rule, edit it to log whatever you want.

2. Set the "http!max_request_length" setting to 0 in the Service Protection class.

3. Set the Service Protection class to call the rule (section: "Service Protection Rule").

Aidan Clarke
Pulse Secure vADC Product Manager
Frequent Contributor

Re: Service Protection Class and reporting


how did you go with the details in my last post?


Aidan Clarke
Pulse Secure vADC Product Manager

Re: Service Protection Class and reporting

sorry, missed your answer.

thats exactly what i've searched for...