Large notebooks cannot be saved when running behind Azure Web Application Firewall

We are running jupyterhub in Azure with WAF (Web Application Firewall) in front to secure the service. The WAF has a request body size maximum limit of 128KB and trying to save a notebook larger than this results in this error message: 413 Request Entity Too Large

Are there any hints of workarounds for this?

It is possible to turn off the request body inspection, but that will take away some security features in WAF so we want to explore any other options first.


To answer my own question: The only solution we found was to disable request body inspection.

The Contents API which is used for file save does technically support range requests for chunked file upload. However, I believe this is only used for the ‘file upload button’. It would be a challenge to use it for notebook saves, I think, which are treated specially.

At the moment, I don’t think it’s feasible to run Jupyter behind a proxy with a tiny 128k POST body limit.

Thanks for the answer. We are now running WAF in detection mode rather than blocking as jupyter sets off a lot of triggers in the OWASP ruleset. You can almost feel WAF twist in pain…

WAFs main purpose is to prevent a client to gain shell access to a web-server which is the whole point of running jupyterhub.:slight_smile: