I had several notices on this rule on my own custom application, Although I also had another issue at the same time so I'm trying to determine the cause.https://www.atomicorp.com/wiki/index.php/WAF_330791
When I got up from a nap lol. I saw asl -s had 3 intances running and 3 crons, and 3 yum processes. So some how these got stuck. I had to do a manually pid kill to be able to re-run asl -s -f and clear out all those bad dead pids. But I'm trying to find out if the WAF rule trigger has anything to do with this problem also.
The application function that triggered this rule is a simple upload in php. Basically users have the ability to upload a .tga file or .jpg files in 2 different forms. The TGA file is used as a custom skin for them and the jpg's are for a 3d modeled picture of that skin. Of course the system has mime types associated with file types. So you can't really try to upload anything but those file types. This is a system that's been functional and working for 2 years, and still works perfectly. So I'm wondering if this tga file is the cause of the request body size. I'd understand if this couldn't be read as it's a bit of uncommon file type. However After I did asl -s -f I don't seem to have any issues with these upload forms. So I'm thinking maybe it was a connection issue. I don't think it was an attack simply because these was not happening in a large rate, and was over a few different ip addresses. I can match these ip's up with legit users, at the same rate I rather know what the issue is.
So if anyone has any advice would be greatly appreciated.
Edit: Now that I look closer I see it had this error on other image upload systems. jpg files too. So I think it must have been a connection error. This is the data message below
[data "Multipart parsing error: Multipart: Final boundary missing."]