There are request body limitations for WAFs from Akamai, AWS, Azure, Cloudflare, GCP (& probably others). Some have 8KB & others extend to 128KB. To be secure reject request bodies that are larger than what the WAF can process.
https://t.co/tbkpj6idel
https://t.co/5Fzq3ytbZa