Seems nobody has an opinion here, so let's add even more thoughts
As we want to enforce SLAs and ask each project team to:
- give us estimated number of request per seconds
- give us estimated message size
In case message size is really big, let's say 10MB, we first ask project to activate gzip compression.
How can we enforce size limit, that take into account compressed bodies ?
From doc, can we assume:
- "Limit Message Size" is indeed done on uncompressed body
- Only way to inspect compressed body is to use "Response Size Limit" on the "HTTPS Route" assertion provided no assertion is used to inspect/modify response as it is stated in doc that:
Special note when working with compressed responses
Under normal conditions, the Response Size Limit applies to the compressed message size. But if there are assertions that must act on the uncompressed response (for example, Evaluate Regular Expression Assertion, Evaluate Response XPath Assertion, etc.), then the uncompressed response size applies. For example, the response size is set at 50KB and a 40KB compressed response arrives--that message passes normally. However if there are assertions that must act on the uncompressed response and the message expands to 90KB uncompressed, then it exceeds the 50KB size limit and the policy fails.
But then doc also says:
Note: The Response Size Limit setting takes effect only if the Gateway further processes the response message. This setting (as well as the io.xmlPartMaxBytes cluster property) does not apply if a response is streamed back to the client with no processing required by the Gateway. (Response streaming is controlled by the io.HttpResponseStreaming cluster property.) To limit the size of the message sent back to the client, use the Limit Message Size Assertion.
So questions are:
- What are really those "normal conditions" ?
- How to be 100% sure "Response Size Limit" is actually "enabled" and will be take into account a compressed body size ?
- Is this setting dependent on "content-length" http header presence ?
- on a dual Gateway scenario, how to stop streaming only between LAN and DMZ ?