skip to Main Content

We have an Azure API which accepts a List<string>. It works fine locally, and it works fine when called by a web page. However, when we call it on the server from Postman, it only works when the string (for purposes of our discussion and testing we’re only sending one) is less than 102362 characters, but gives a 403 when it’s greater than 102362 characters. It doesn’t even make it inside the method.

Same problem in JMeter.

This is the signature of the method:

[HttpPost]
[Route("MergeBase64ToPDF")]
public IResult MergeBase64ToPDF([FromBody] MergeBase64ToPDFRequest MergeBase64Request)
{
//doesn't make it here

2

Answers


  1. but gives a 403 when it’s greater than 102362 characters. It doesn’t even make it inside the method.

    By default, Azure App Services have a maximum request size limit. check that Kestrel in ASP.NET is configured to accept larger payloads.

    Configure the request size limit.

    program.cs:

    var builder = WebApplication.CreateBuilder(args);
    
    // Configure Kestrel to allow large request sizes
    builder.WebHost.ConfigureKestrel(serverOptions =>
    {
        serverOptions.Limits.MaxRequestBodySize = 50 * 1024 * 1024; // 50 MB
    });
    
    var app = builder.Build();
    
    app.UseHttpsRedirection();
    app.MapControllers();
    
    app.Run();
    

    Here I created a simple script to generate a base64-encoded string exceeding the size threshold:

    import base64
    
    # Generate a large string
    large_string = "a" * 102400  # 102,400 characters
    
    # Encode to base64
    base64_string = base64.b64encode(large_string.encode()).decode()
    
    # Save to a file (optional)
    with open("large_payload.json", "w") as file:
        file.write(f'["{base64_string}"]')
    
    • This script created a base64 string of approximately 102,400 characters and saves it in a large_payload.json file.

    After this I have deployed my application to app service and tested using postman

    Made a POST request to the API.

    enter image description here

    Login or Signup to reply.
  2. There are 3 places where this error could be thrown – the web application server (Kestrel), Azure Web Application Firewall, Azure APIM. As the web application that connects to the API is able to send this request and only the Postman requests are failing, I suspect this is due to Azure Web Application Firewall. Refer this article to modify the limits in WAF.

    For controlling content length in APIM please refer this thread

    Login or Signup to reply.
Please signup or login to give your own answer.
Back To Top
Search