![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(12.8, 89%, 11%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
Azure Front Door
An Azure service that provides a cloud content delivery network with threat protection.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(54.400000000000006, 71%, 15%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EGP%3C/text%3E%3C/svg%3E)
Hello Alex
According to some documentation, it seems to be also 128KB. When I try, and I have a request lager than 128KB, the request isn't blocked, so that would mean that the 128KB is not the limit. The only think I can think of is that it only checks the first 128KB of data.
Azure Front Door WAF only inspects the first 128KB of the data and the remaining data is allowed through without inspection.
As per Azure WAF Request size limits: The maximum request body size field is specified in kilobytes and controls overall request size limit excluding any file uploads. This field has a minimum value of 1 KB and a maximum value of 128 KB. The default value for request body size is 128 KB.
However, For CRS 3.2 (on the WAF_v2 SKU) and newer, these limits are as follows:
2MB request body size limit
4GB file upload limit.
Request Size Limit: This is the maximum size of the request that can be processed by the service. For Azure Front Door and Application Gateway, this is the total size of the request, including headers and body.
Request Inspection Limit: This refers to the maximum size of the request body that the WAF can inspect for security threats. In the case of Application Gateway, the inspection limits you mentioned (128 KB for CRS 3.1 and 2 MB for CRS 3.2) are specifically for the WAF's ability to analyze the request for potential attacks
I hope this has been helpful!
If the above is unclear or you are unsure about something, please add a comment below.
please don’t forget to close the thread by clicking Accept the answer wherever the information provided helps you, as this can be beneficial to other community members.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(163.2, 83%, 25%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAK%3C/text%3E%3C/svg%3E)