Increasing the default Ignore Requests or Ignore Responses Smaller Than 4096 Bytes
search cancel

Increasing the default Ignore Requests or Ignore Responses Smaller Than 4096 Bytes


Article ID: 248976


Updated On:


Data Loss Prevention Network Monitor and Prevent for Web


Our Network Prevent for Web (NPW) server has the minimal transaction size set to 4kb as recommended by Broadcom in the ICAP configuration: 


However we have seen a large number of web transactions that appear to be collection process instigated by the application which are above 4kb.

As an example we ran a policy for several hours and received 1000+ incidents for the following URL:

The following article that suggest this is a Microsoft tracking process not instigated by the user: Edge issue when access website - Microsoft Community

Interested to know if there is a workaround or recommendation to minimise these type  of events.



Release : 15.8

Component : Default-Sym


We have recently increased queues on the web proxy, and an investigation into the logs has shown that there’s lots of POST requests generated by websites which don’t seem to be end-user generated traffic.

Some example websites which are producing this which we saw for customers are:

There is not much that can be done from the DLP side, and if the Request Filtering limit is already at the default of 4K, then it might be that these POST requests are still of a larger size and will be analysed by the NPW.



There are two options to workaround this problem: 

Option 1. Increase the Request Filtering size limit (ideally we would not suggest increasing the size limit above 4k as you risk missing detections, if you do so then you must acknowledge the potential exists for data leakage of content larger in size)

Option 2. Configure the web proxy to only forward POST requests from websites which do constitute a possible data leak to the NPW, while for others, having this bypassed from being inspected.

In conclusion, the Option 2 would be the recommended approach, keep adding Exclusions in the web proxy for these sites since they are not triggered by the users themselves.

It is far better if this unwanted traffic is not submitted in the ICAP to the NPW for load/frequency reasons to avoid impacting the overall delay and performance.