Getting a 403 when posting a long string to an Azure API

Chozang
November 6, 2024
105 views
0 votes
2 Answers

We have an Azure API which accepts a List<string>. It works fine locally, and it works fine when called by a web page. However, when we call it on the server from Postman, it only works when the string (for purposes of our discussion and testing we’re only sending one) is less than 102362 characters, but gives a 403 when it’s greater than 102362 characters. It doesn’t even make it inside the method.

Same problem in JMeter.

This is the signature of the method:

[HttpPost]
[Route("MergeBase64ToPDF")]
public IResult MergeBase64ToPDF([FromBody] MergeBase64ToPDFRequest MergeBase64Request)
{
//doesn't make it here

Tags: azure c#postman

Answers

- SureshChikkam
- November 6, 2024 at 1:33 pm
- 0 votes
0
but gives a 403 when it’s greater than 102362 characters. It doesn’t even make it inside the method.

By default, Azure App Services have a maximum request size limit. check that Kestrel in ASP.NET is configured to accept larger payloads.

Configure the request size limit.

program.cs:
```
var builder = WebApplication.CreateBuilder(args);

// Configure Kestrel to allow large request sizes
builder.WebHost.ConfigureKestrel(serverOptions =>
{
    serverOptions.Limits.MaxRequestBodySize = 50 * 1024 * 1024; // 50 MB
});

var app = builder.Build();

app.UseHttpsRedirection();
app.MapControllers();

app.Run();
```
Here I created a simple script to generate a base64-encoded string exceeding the size threshold:
```
import base64

# Generate a large string
large_string = "a" * 102400  # 102,400 characters

# Encode to base64
base64_string = base64.b64encode(large_string.encode()).decode()

# Save to a file (optional)
with open("large_payload.json", "w") as file:
    file.write(f'["{base64_string}"]')
```
- This script created a base64 string of approximately 102,400 characters and saves it in a large_payload.json file.
After this I have deployed my application to app service and tested using postman

Made a POST request to the API.
Login or Signup to reply.

- ShanmugamSudalaimuthu
- November 6, 2024 at 6:29 pm
- 0 votes
0
There are 3 places where this error could be thrown – the web application server (Kestrel), Azure Web Application Firewall, Azure APIM. As the web application that connects to the API is able to send this request and only the Postman requests are failing, I suspect this is due to Azure Web Application Firewall. Refer this article to modify the limits in WAF.

For controlling content length in APIM please refer this thread

Login or Signup to reply.

Please signup or login to give your own answer.

Click here to cancel reply.