Just few comments based on what I see in the screenshot:
The action is "Continue". You probably want to change this to "Block"
The second rule checks for the RESPONSE-Header Content-Length. But you want to look at the REQUEST-Header as it is the POST request message you are interested in.
The first rule will never trigger because the condition at the rule set will only match for HTTP/HTTPS and POST/PUT but for FTP or MPUT.
Make sure the rule set is executed in the request cycle for POSTs. You may have this set but I cannot verify on the screenshot. I only mention because it is a typical error.
Usually it is a good strategy to create these kind of rules, step-by-step, e.g. first try to block ALL Post messages. When this works, block if the POST message has a Content-Length header. And in a third step add the condition to compare the header value against your 100MB constant.
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.
Community Help Hub
New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.