Hello,
We have the same problem as described in Max file upload vs Max request body size - Azure Application Gateway | Thinkwise Community (thinkwisesoftware.com)
The topic is closed (I cannot comment anymore), but the suggested solution was never verified. We tried the solution and unfortunately it does not work.
I created a ticket in TCP (#10290) and I saw the ticket got updated to status “On the backlog”.
Can you provide more information on how to proceed?
Best regards,
Nick Janssen
For older Web Application Firewalls running Core Rule Set 3.1 (or lower), turning off the request body inspection allows for messages larger than 128 KB to be sent to Web Application Firewall, but the message body isn't inspected for vulnerabilities. For Policy Web Application Firewalls running Core Rule Set 3.2 (or newer), you can achieve the same outcome by disabling maximum request body limit. For Policy Web Application Firewalls running Core Rule Set 3.2 (or newer), you can achieve the same outcome by disabling maximum request body limit.
A couple of things to double-check:
Will double-check with
Thanks Arie. We were running v2, but Core Rule Set 3.1. This version does not allow to use the request body inspection, while disabling the maximum request body limit.
By using Core Rule Set 3.2, we can disable the request body limit, but still make use of the request body inspection:
In Core Rule Set 3.1, you can only turn off both, which we do not want because of security reasons.
Thanks for the help!
Note: we do see the added value of fixing this in such a way that File uploads are not limited by the Maximum request body limit, but by the Maximum file upload size setting. However, this is quite a significant effort and not a priority just yet.
So short-term recommendation is my answer above, we’ll make sure to update our Docs accordingly.
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.