Support Center > Search Results > SecureKnowledge Details
Large file not being dropped by DLP, even though it is configured to drop such files due to extreme condition.
Symptoms
  • Large file not being dropped by DLP, even though it is configured to drop such files due to extreme condition. (When uploading large file over 150 MB, it is NOT being dropped by DLP, even though DLP is configured to drop such files due to extreme condition.)
  • Looking at debug it seems that the statistics taken by DLP blade are counting to 10MB only and then start all over. This way the extreme condition is not reached:
    [cpu_6];[fw4_1];dlpk_cmi_handle_conn_body_state: payload_transferred '9999432', http_max_file_size_limit is '157286400'; [cpu_6];[fw4_1];dlpk_cmi_handle_conn_body_state: payload_transferred '10000418', http_max_file_size_limit is '157286400'; [cpu_6];[fw4_1];dlpk_cmi_update_http_last_buffer_statistics: Called. payload_transferred = 10000418;
    [cpu_6];[fw4_1];dlpk_cmi_handle_conn_body_state: payload_transferred '1460', http_max_file_size_limit is '157286400';
    [cpu_6];[fw4_1];dlpk_cmi_handle_conn_body_state: payload_transferred '2920', http_max_file_size_limit is '157286400';
Cause

When uploading large file, using partial content with "content-range" header, file is uploaded by chunks in different connections making it impossible to accumulate full file size (payload_transferred).

If DLP set to drop traffic on extreme condition, files larger then 150MB (default) will not be dropped.


Solution
Note: To view this solution you need to Sign In .