Skip to content

Commit bd37097

Browse files
PRMerger8PRMerger8
authored
Merge pull request #105071 from vhorne/waf-limits
clarify max file upload
2 parents 4469f27 + fcd0906 commit bd37097

File tree

1 file changed

+8
-2
lines changed

1 file changed

+8
-2
lines changed

articles/web-application-firewall/ag/application-gateway-waf-configuration.md

Lines changed: 8 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -4,7 +4,7 @@ description: This article provides information on Web Application Firewall reque
44
services: web-application-firewall
55
author: vhorne
66
ms.service: web-application-firewall
7-
ms.date: 10/17/2019
7+
ms.date: 02/20/2020
88
ms.author: victorh
99
ms.topic: conceptual
1010
---
@@ -86,7 +86,13 @@ So if the URL `http://www.contoso.com/?user%281%29=fdafdasfda` is passed to the
8686
Web Application Firewall allows you to configure request size limits within lower and upper bounds. The following two size limits configurations are available:
8787

8888
- The maximum request body size field is specified in kilobytes and controls overall request size limit excluding any file uploads. This field can range from 1-KB minimum to 128-KB maximum value. The default value for request body size is 128 KB.
89-
- The file upload limit field is specified in MB and it governs the maximum allowed file upload size. This field can have a minimum value of 1 MB and a maximum of 500 MB for Large SKU instances while Medium SKU has a maximum of 100 MB. The default value for file upload limit is 100 MB.
89+
- The file upload limit field is specified in MB and it governs the maximum allowed file upload size. This field can have a minimum value of 1 MB and the following maximums:
90+
91+
- 100 MB for v1 Medium WAF gateways
92+
- 500 MB for v1 Large WAF gateways
93+
- 750 MB for v2 WAF gateways
94+
95+
The default value for file upload limit is 100 MB.
9096

9197
WAF also offers a configurable knob to turn the request body inspection on or off. By default, the request body inspection is enabled. If the request body inspection is turned off, WAF doesn't evaluate the contents of HTTP message body. In such cases, WAF continues to enforce WAF rules on headers, cookies, and URI. If the request body inspection is turned off, then maximum request body size field isn't applicable and can't be set. Turning off the request body inspection allows for messages larger than 128 KB to be sent to WAF, but the message body isn't inspected for vulnerabilities.
9298

0 commit comments

Comments
 (0)