Hi our F5 AWAF block some requests due to XML format violation, specifically it exceeds the allowable xml document size of 10MB. I noticed that there are other requests greater than 10MB which was able to pass through F5 ok. The difference of blocked request from passed request is the content-type below, can someone enlighten me please as to why F5 blocks the other request.
blocked request
Content-Type: application/xop+xml;charset=utf-8;type=\"\"application/soap+xml\"\"
passed request
Content-Type: multipart/related; type=\"\"application/xop+xml\"\";start=\"\"<http://tempuri.org/0>\"\";boundary=\"\"uuid:08022a5b-8765-6e44-76e4-0d2gfc654f6a+id=87\"\";start-info=\"\"application/soap+xml\"\"; action=\"\"WebEndpoint_services_submit_ABC_Bind_submitRequest\"\"