Jochen,

     Apologies for the late reply - I went back to the Engineering team for guidance, and with all the Brocade acquisition stuff, it fell off my radar.

As an aside, I have raised an internal bug to have the actual setting strings logged in the message as well to make it easier to decode for administrators...

Which Setting?

The "HTTP Specific Settings" section has 6 attributes it can check.  Each generates a corresponding report message in the log. 

The correspondences are:

       http!check_rfc2396  -->  "URL broke RFC 2396"

       http!max_body_length  -->  "rejected because of body data size"

       http!max_header_length  -->  "rejected because of header size"

       http!max_request_length  -->  "rejected because of request size"

       http!max_url_length  -->  "rejected because of URL size"

       http!reject_binary  -->  "contained binary data"

(This is the current text in version 9.9; )

So the "rejected because of request size" message is from a violation of the "http!max_request_length" setting.

Which Request?

The "debug" setting in the Service Protection Class gives more information for some violations (such as http!max_header_length exceeded), but not for violations of http!max_request_length.

But we can handle these requests using TrafficScript.  The documentation for "http.getRequest()" (on the TS help page https://localhost:9090/apps/zxtm/help.fcgi?section=TrafficScript%20Reference#http.getRequest) is an example of exactly this:

# Check that the request is not too big

# for our servers

$request = http.getRequest();

if( string.len( $request ) > 2048 ) {

   http.sendResponse( "413 Request too large",

                      "text/plain",

                      "Request too large", "" );

}

So:

1. Put that in a rule, edit it to log whatever you want.

2. Set the "http!max_request_length" setting to 0 in the Service Protection class.

3. Set the Service Protection class to call the rule (section: "Service Protection Rule").