HTTP Limits Policy
The HTTP Limits policy prevents an attacker from sending large messages that consume all your bandwidth.
This policy checks TCP protocol message sizes and headers. This policy does not check content.
The default allowed message size is large. You need to tune the message size allowed by your policy based on your application needs.
|Set the size limits to what all of your APIs can handle.|
Violations to this policy escalate as protocol errors when configuring a DoS policy.
This policy applies to all your APIs behind your Edge/Inbound endpoint. You can apply API Gateway policies to each API to enforce other API specific policies, such as throttling and JSON Threat Protection.
Navigate to Anypoint Security, click the Create Policy icon, and select Content Attack Prevention.
Add a name for your policy in the Name field.
Configure the maximum sizes for message, path header and trailers in the fields below:
Maximum Message Size
Maximum tolerated message size, in bytes, for your policy. If request body scanning is enabled, this value should be set no larger than required to prevent attackers from abusing request body checking and exhausting resources
Maximum Path Length
Maximum tolerated path size, in bytes, for your policy.
Maximum Length Of a Single Header
The maximum tolerated length of a header for your policy.
Maximum Length Of a Single Trailer
The maximum tolerated length of a trailer for your policy.
Maximum Number Of Headers and Trailers
The maximum number of headers and trailers allowed by your policy.
If you want to filter specific HTTP methods, configure them in the Allowed HTTP Request Methods field.
Allowed methods are: GET, POST, PATCH, HEAD, TRACE, OPTIONS, DELETE, and PUT.
Click Save Policy.