Use the Request Size Limit policy to restrict requests based on the size of their content. 

Policy Execution Order

The Request Size Limit policy executes early in request processing to limit the effects of oversized requests.

Parameter NameDescriptionDefault ValueExample
LabelRequired. The name for the API policy.Request Size LimitSizeLimit_DevOrg

When this policy should be applied

An expression enabled field that determines the condition to be fulfilled for the API policy to execute.Truerequest.method == "POST"
Max Request SizeThe maximum number of bytes allowed.10,000,000 (10 MB)25,000,000 

If the request has content (for example, a POST or PUT request) and the content length is missing or is larger than the configured limit, the request is rejected.

HTTP Response Codes

CodeMeaning
400The content length is not a number.
411The content length is missing or invalid.
413The content-length is bigger than the configured size.