Request limits specify the maximum size that is allowed for the HTTP request header fields of incoming requests. Any requests with header fields that exceed the limits are dropped and assumed to be buffer overflow attacks. Properly configured request limits mitigate buffer overflow exploits, preventing Denial of Service (DoS) attacks.
Request limits are enabled by default. The default limits are normally sufficient, but you can reconfigure them for your specific requirements.
When to Change Default Request Limits
If a service or server is encountering issues with HTTP request header fields that are smaller than the request limits, decrease the maximum size allowed in the header fields.
Decreasing the maximum size allowed for HTTP request headers can help the Barracuda Load Balancer ADC process requests more quickly. For example, you can decrease the Max URL Length in the request limits, so the Barracuda Load Balancer ADC is required to parse a smaller number of bytes.
If the default request limits cause false alarms, you can increase the maximum size allowed in the header fields.
Configure Request Limits
To configure request limits for a service:
- Go to the SECURITY > Security Policies page.
- In the left pane, click the name of the security policy that is assigned to the service.
- In the Request Limit section of the policy settings, review and edit each setting.
- After you finish configuring the request limits, click Save Changes.