Active rule currently published.
Multipart request body failed strict validation
This is not a rule. This is an internal error from the multipart assembly engine in the WAF.
When this error occurs, the alert will also include a line similar to this:
msg "Multipart request body failed strict validation: PE 0, BQ 0, BW 0, DB 0, DA 0, HF 0, LF 0, SM , IQ 1, IH 0, IP 0, FL 0
Each capitalized two letter combination indicates what the specific invalid condition, or conditions are for the invalid multipart request. A "0" means that error does not exist, a "1" means that error does. So in the example above the invalid request has an IQ error. These are further documented below:
None. There are no valid conditions when this can occur. If you are seeing this error, it means the multi-part request is invalid.
None. Do not disable this rule. This will allow attackers to bypass the WAF. Instead you should investigate your application, server and client to determine which specific type of issue this multipart message has and why the client, application or server is generating these invalid messages.
Knowledge Base Articles