Azure’s regional Web Application Firewall (WAF) integrated with Application Gateway v2 now supports greater control over inspection limits and size enforcement for WAF policies running Core Rule Set (CRS) 3.2 or later. This feature allows you to control request body inspection, maximum request body limit, and maximum file upload limit independently of each other. Additionally, you can now disable maximum request body limit enforcement and/or maximum file upload limit enforcement without disabling request body inspection. With this update, now you have more flexibility on how WAF inspects requests while allowing larger requests to pass without being blocked.
For more information on this feature, and how to use it, please see our inspection limit and maximum size enforcement documentation.