Contact Free trial Login

HTTP Limits Policy

The HTTP Limits policy prevents an attacker from sending large messages that consume all your bandwidth.
This policy checks TCP protocol message sizes and headers. This policy does not check content.

The default allowed message size is large. You need to tune the message size allowed by your policy based on your application needs.

Set the size limits to what all of your APIs can handle.

Violations to this policy escalate as protocol errors when configuring a DoS policy.

This policy applies to all your APIs behind your Edge/Inbound endpoint. You can apply API Gateway policies to each API to enforce other API specific policies, such as throttling and JSON Threat Protection.

Configure an HTTP Limit Policy

  1. Navigate to Anypoint Security, click the Create Policy icon, and select Content Attack Prevention.

  2. Add a name for your policy in the Name field.

  3. Configure the maximum sizes for message, path header and trailers in the fields below:

    Value Description

    Maximum Message Size

    Maximum tolerated message size, in bytes, for your policy. If request body scanning is enabled, this value should be set no larger than required to prevent attackers from abusing request body checking and exhausting resources

    Maximum Path Length

    Maximum tolerated path size, in bytes, for your policy.

    Maximum Length Of a Single Header

    The maximum tolerated length of a header for your policy.

    Maximum Length Of a Single Trailer

    The maximum tolerated length of a trailer for your policy.

    Maximum Number Of Headers and Trailers

    The maximum number of headers and trailers allowed by your policy.

  4. If you want to filter specific HTTP methods, configure them in the Allowed HTTP Request Methods field.
    Allowed methods are: GET, POST, PATCH, HEAD, TRACE, OPTIONS, DELETE, and PUT.

  5. Click Save Policy.

Was this article helpful?

💙 Thanks for your feedback!

Edit on GitHub