![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(240, 64%, 33%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EVS%3C/text%3E%3C/svg%3E)
Azure API Management
An Azure service that provides a hybrid, multi-cloud management platform for APIs.
1,902 questions
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(192, 60%, 28%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EFM%3C/text%3E%3C/svg%3E)
The check-header policy runs an exact match on the whole header. When you have
Content-Type: multipart/form-data; boundary=<calculated when request is sent>
the header value doesn't match exactly with "multipart/form-data", then the request is rejected. You can keep the check-header policy to validate the application/json content-type, but for the multipart/form-data which contains a dynamic value (the boundary=xxx) you should move to a "manual" check.
You can run the manual check extracting the Content-Type header, then applying a regex via a policy expression to detect if the header contains a valid value. Then based on the output of the regex, you can choose to block the request processing and return the 415 error.