HTTP request body inspection instructs the web application firewall policy to buffer the request body in memory and inspect it before sending the request headers and the buffered request body to the backend. If HTTP request body inspection does not occur, the request body is always streamed to the backends (assuming the request headers have not triggered any protection rules).

You can enable the HTTP request body inspection feature when you add your request protection rule, or update an existing protection rule to include it. Only those protection capabilities that have body inspection conditions can use this feature.

For more information, see HTTP Request Body Inspection.