Skip to main content

Request Size Limit

Enforces a maximum size in bytes of the incoming request.


The configuration shows how to configure the policy in the 'policies.json' document.

"name": "my-request-size-limit-inbound-policy",
"policyType": "request-size-limit-inbound",
"handler": {
"export": "RequestSizeLimitInboundPolicy",
"module": "$import(@zuplo/runtime)",
"options": {
"maxSizeInBytes": 4098,
"trustContentLengthHeader": true
  • name the name of your policy instance. This is used as a reference in your routes.
  • policyType the identifier of the policy. This is used by the Zuplo UI. Value should be request-size-limit-inbound.
  • handler/export The name of the exported type. Value should be RequestSizeLimitInboundPolicy.
  • handler/module the module containing the policy. Value should be $import(@zuplo/runtime).
  • handler/options The options for this policy:
    • maxSizeInBytes

      The maximum size of the request in bytes

    • trustContentLengthHeader

      If true, the policy will reject any request with a content-length header in excess of maxSizeInBytes bytes value, but will not verify the actual size of the request. This is more efficient and offers slightly better memory usage but should only be used if you trust/control the clients calling the gateway to send an accurate content-length. If false, the gateway will actually verify the request size and reject any request with a size in excess of the stated maximum.

Read more about how policies work