Solved

Max file upload vs Max request body size - Azure Application Gateway

  • 1 March 2023
  • 2 replies
  • 1682 views

Userlevel 1
Badge +3
  • Vanguard
  • 19 replies

Hi there,

we're running into a azure application gateway issue. We have an application where we can trigger a task on a record. In this task we upload an asset. The issue is that we can only upload files that are smaller then 128Kb. 

Between us and the application in a Azure Application Gateway. This application gateway has a policy that enables inspection of the request body. The MAX REQUEST BODY SIZE is set to 128Kb. The MAX FILE UPLOAD SIZE is set to 100Mb.

Is seems that since Universal uses odata to communicate to indicium the file upload is parsed into the request body and thereby is limited to 128Kb in size. The clients IT department forwarded the following documentation that indicates the max request body size limit is 2Mb on the WAF.

The other solution they suggested was changing the content-type to multipart/form-data. That way the file upload size limit of 100Mb would be applied. As we're using universal this isn't possible.

Any other suggestions because needing to limit the file upload to 2Mb is probably going to be unaccetable to the client. 

With kind regard,
Bas van Ginkel

PS. We know it's the WAF since file uploads to the DEV and TEST environment (they don't have a WAF in front of them) works flawlesly. 

Microsoft documentation:

https://learn.microsoft.com/en-us/azure/web-application-firewall/ag/application-gateway-waf-request-size-limits

 

 

icon

Best answer by Anne Buit 1 March 2023, 16:19

View original

This topic has been closed for comments

2 replies

Userlevel 7
Badge +5

Hi Bas,

Azure Application Gateway WAF only considering multipart/form-data as files is quite a constraint.

Would it be possible to add an exclusion rule for content-type: application/octet-stream?

Userlevel 1
Badge +3

HI @Anne Buit , IT department is looking into it. 

Should look something like this for other people working with Azure Application Firewall.

Will let you know if this worked.

But please do consider changing the universal GUI to user the normal multipart/form-data content-type so that firewall interpret it as an actual file upload.