'How can I disable gzip compression on requests going through APIM?

We have an Azure Api Management instance behind a Cloudflare firewall. Recently we got a report of a client getting an error on a POST to the backend API.

It turned out issue was that the request was compressed (content-encoding gzip) and as the body partially contained base64 encoded stuff, the Cloudflare firewall identified that as a threat thus blocking it.

We have several options to address this, but the first option would be to see whether we can address this in APIM as different (mobile) clients sending in gzipped content will have this issue.

The most ideal solution would be to intercept some negotiation on compression, where we could just return false on that request. However I was unable to find such thing and I'm not sure about the impact on the clients.

Are there any other options we have in APIM to force clients not to send in gzip compressed requests?



Solution 1:[1]

Use set-header policy to set value of Content-Encoding header as appropriate. It will trigger internal logic in APIM to decompress/compress request content. Do that in inbound section to change request coming to backend, in outbound to change response to client.

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 Vitaliy Kurokhtin