Azure Application Gateway WAF Mode Increase Limit on SecRequestBodyLimit
When we have the WAF set to prevention mode some of our HTTP post are denied with code 413.
Request body no files data length is larger than the configured limit (131072).. Deny with code (413)
Can you make these two settings configurable on the WAF?
Thanks for your feedback. This is planned as part of global waf configurable parameters.
Any update on the planned request to increase the max request body size limit from global waf parameters?
Ramazan Kilimci commented
Can anybody from Microsoft side comment about this feature request? Even if it cannot be implemented soon, knowing that will help customers to plan accordingly.
Nicolas Mathieu commented
We cannot use Azure WAF until this problem is solved.
I cannot believe such a defect from Microsoft.
Thanks for your help in advance.
Could someone suggest a workaround other than disabling the WAF entirely?
I've had to disable the setting so our application APIs can actually work. Exceptions don't seem to apply to it
Dan J commented
Fix this already!
Puneet K commented
Hi Azure Networking Team, Could you please prioritize this. This limitation has wider impact on our solutions.
PhaniKumar Prabhala commented
Any update on this issue. Appreciate approximate timelines for implementing this change.
Hello friends, Is anybody fix this error code 413. Kindly hep
This feature is very necessary. I hope it will be implemented as soon as possible!
please give an update on this one.
disabling the body inspection is really not an option, and if we have to add a custom rule, there is also a limit of 100 custom rules.
Brian Young commented
This is pretty critical for legacy webforms applications with _viewstate... :(
Michał Leśniewski commented
2 years in planned status...
Please, increase this limit or give possibility to exclude per URI.
Christian Pouchoulen commented
Wondering if anybody was able to make it work without disabling the body inspection? We have all the rules in the waf and need to consume an API and send json content > than the limit. Xould you help?
I was able to solve it by adding one "Web Application Firewall" then attached it to your gateway. Then add a custom rule with MatchType=String, MatchVariable=RequestUri , then Contains=/your/UriPath to match and then add an Action = Allow.
This rule should have a lower number(higher priority) if you have other rules blocking the request.
give possibility to the customer to change the http2 header sizes.
Rhett Blach commented
I would also love to know how you can get around this without disabling body inspection. I can't seem to find any mention of how to do this anywhere.
Krishna Gummuluri commented
This is what we need (based on NGINX WAF)
Request size checks - Upper limit of request size as dictated by the maximum buffer size of 10 MB; Size checks for: URL, header, Query String, whole request (when smaller than the maximum buffer), cookie, POST data. By default all the checks are enabled with the exception of POST data and whole request. The user can enable or disable every check and customize the size limits.
Oussama or anyone else - would you be able to share how to bypass this error without disabling "inspect body"?
This is very important
i found a way to bypass this error without disabling the "inspect body", but would be nice if Microsoft added some configurable parameters in next updates
Please can this be added