A user has the following settings on their Gateway:
- Cluster-Wide Property (CWP) "io.xmlPartMaxBytes" is set to "500000"
- the policy contains a "Limit Message Size" assertion which is set to 20000 KBytes
- When sending a request with ~2.5 MB text directly in the body (i.e. no attachment) the request fails
   with the following response: "Unable to read stream: the specified maximum data size limit would be exceeded".
- "Perform WS-Security processing for this service" is disabled

According to a knowledge base article, the limit message size assertion should overrule the xmlPartMaxBytes setting, which is not the case in the user case scenario.
API gateway: Optimizing for Large Files and Messages

 

We carried out further investigations; this is our findings. 

1. If the request is larger than the CWP value. It will "fail" at the CWP value, this failure will essentially allow a blank message through after verifying
    the message size. From how the code was written, this seems intentional. Internally, the rate limit assertion does not fail with an incorrect value.

    Here are two scenarios.
       a. If request is larger than CWP and if request is larger than the assertion then the assertion will fail because of the request size.
       b. If request is larger than CWP and if request is smaller than the assertion then the assertion will fail because it will cross reference with the CWP. 
           Essentially it verifies if there is an existing error with the size, then fail.  

2. As a result of the failure with the CWP. The message will not be processed, there will just be a recorded error for other assertions to reference to.