End of Sale Notice:
F5 NGINX is announcing the End of Sale (EoS) for NGINX Management Suite API Connectivity Manager Module, effective January 1, 2024.
F5 maintains generous lifecycle policies that allow customers to continue support and receive product updates. Existing API Connectivity Manager Module customers can continue to use the product past the EoS date. License renewals are not available after September 30, 2024.
See our End of Sale announcement for more details.
Request Body Size Limit
Learn how to configure the Request Policy Size Limit policy to prevent Denial of Service (DoS) and other types of attacks.
Overview
In API Connectivity Manager, you can apply global policies to API Gateways and Developer Portals to ensure your organization’s security requirements are enforced.
When you add policies at the environment level, they will apply to all proxies hosted within that environment.
See the Learn about Policies topic for an overview of the different policy types and available policies.
About the Policy
The Request Body Size Limit policy, which by default is set to 1 MB, is applied to all API gateway proxy requests. If the request exceeds this limit, it will be blocked and an error code will be returned. You can adjust the limit to meet your requirements, or you can disable the policy completely by setting the max size to 0.
Intended Audience
This guide is meant for Infrastructure Administrators.
Infrastructure Administrators ensure uniform governance across an organization’s infrastructure by setting policies at the infrastructure level, enabling teams to build APIs without interruption while adhering to the organization’s standards.
Workflow for Applying Policy
To apply the policy or make changes to it, here’s what you need to do:
- Edit an existing environment or create a new one.
- Check the advanced settings for the environment to see if the policy has been applied.
- Edit the policy to make changes for each environment. Save and publish the changes.
Policy Settings
| Field | Type | Possible Values | Description | Required | Default |
|---|---|---|---|---|---|
size |
string | Example:1M or 1K |
Sets the maximum body size for client requests. Megabytes, |
No | 1M |
returnCode |
integer | In range:400-599 |
The error code that is returned to the client when the size of a request exceeds the configured value. The default error code is |
No | 413 |
Applying the Policy
You can apply this policy using either the web interface or the REST API.
See Also:
You can use tools such as
curlor Postman to interact with the API Connectivity Manager REST API. The API URL follows the formathttps://<NMS_FQDN>/api/acm/<API_VERSION>and must include authentication information with each call. For more information about authentication options, please refer to the API Overview.
To add the Request Body Size Limit policy using the REST API, send an HTTP POST request to the Environments endpoint.
| Method | Endpoint |
|---|---|
POST |
/infrastructure/workspaces/{workspace}/environments/{environment} |
JSON request
{
"policies": {
"request-body-size-limit": [
{
"action": {
"returnCode": 413,
"size": "1M"
}
}
]
}
}
This example Request Body Size Limit policy rejects requests exceeding one megabyte and returns error code 413.
To add a Request Body Size Limit policy using the web interface:
-
In a web browser, go to the FQDN for your F5 NGINX Management Suite host and log in. Then, from the Launchpad menu, select API Connectivity Manager.
-
On the left menu, select Infrastructure.
-
Choose the workspace that contains your cluster’s environment from the list of workspaces.
-
In the Environments section, select the environment name for your cluster.
-
In the list of clusters, locate the cluster you want to add the policy to. On the Actions menu (represented by an ellipsis,
...), select Edit Advanced Config. -
On the left menu, select Global Policies.
-
Locate the Request Body Size Limit policy in the list of policies. On the Actions menu (represented by an ellipsis,
...), select Add Policy. -
On the Request Body Size Limit form, complete the necessary fields:
- Error code: Specify the error code to return when a request exceeds the maximum size. The default is
413. - Request body size: Enter the maximum body size in megabytes or kilobytes. The default is 1 megabyte.
- Error code: Specify the error code to return when a request exceeds the maximum size. The default is
-
Select Add to apply the policy to the cluster.
-
Select Save and Submit to deploy the configuration.