How to prevent large file POST requests using Azure APIM?

Question

How to prevent large file requests using Azure APIM?

Example: Block any POST request having file size > 50MB

Answer 1

There are policies called quota-by-Key and quota-by-subscription , which will help the users to block the calls that exceed the bandwidth specified. Please verify this link for more details.enter link description here

Answer 2

You can apply the following policy for all your APIs. For each POST request, the policy will check the body size, and if the size is above 50MB, it will return status 413 - Payload Too Large.

<policies>
    <inbound>
        <base />
        <choose>
            <when condition="@(context.Request.Method == "POST")">
                <set-variable name="bodySize" value="@(context.Request.Headers["Content-Length"][0])" />
                <choose>
                    <when condition="@(int.Parse(context.Variables.GetValueOrDefault<string>("bodySize"))<52428800)">
                        <!--let it pass through by doing nothing-->
                    </when>
                    <otherwise>
                        <return-response>
                            <set-status code="413" reason="Payload Too Large" />
                            <set-body>@{
                                    return "Maximum allowed size for the POST requests is 52428800 bytes (50 MB). This request has size of "+ context.Variables.GetValueOrDefault<string>("bodySize") +" bytes";
                                } 
                            </set-body>
                        </return-response>
                    </otherwise>
                </choose>
            </when>
        </choose>
    </inbound>
    <backend>
        <base />
    </backend>
    <outbound>
        <base />
    </outbound>
    <on-error>
        <base />
    </on-error>
</policies>