Use the Request Size Limit policy to restrict requests based on the size of their content.
Policy Execution Order
The Request Size Limit policy executes early in request processing to limit the effects of oversized requests.
Expression Enabled Fields in API Policies
|Parameter Name||Description||Default Value||Example|
|Label||Required. The name for the API policy.||Request Size Limit||SizeLimit_DevOrg|
When this policy should be applied
|An expression enabled field that determines the condition to be fulfilled for the API policy to execute.||True||request.method == "POST"|
|Max Request Size||The maximum number of bytes allowed.||10,000,000 (10 MB)||25,000,000|
If the request has content (for example, a POST or PUT request) and the content length is missing or is larger than the configured limit, the request is rejected.
HTTP Response Codes
|400||The content length is not a number.|
|411||The content length is missing or invalid.|
|413||The content-length is bigger than the configured size.|