LimitRequestBody – Apache Limiting User Upload File Size

I would like to put limits on user(s) who are uploading files using Apache web server. How do I restrict the total size of the HTTP request body sent from the client under the Apache 2 Web server using the LimitRequestBody option?

To restrict the total size of the HTTP request body sent from the client, use the LimitRequestBody directive. You can add this directive to a .htaccess file or to httpd.conf under the virtual host or directory configuration options. The value is the number of bytes allowed in a request body, from 0 (unlimited) to 2147483647 (2GB). Without such configuration you may get an error such as “Request entity too large. Request exceeds the capacity limit”, or “413 Request Entity Too Large” on your Linux or Unix server. Hence, we need to fix this issue.

Tutorial details
Difficulty level: Easy
Root privileges: Yes
Requirements: Linux or Unix terminal
Category: Web Server
Prerequisites: Apache
OS compatibility: BSD, Linux, macOS, Unix
Est. reading time: 2 minutes

LimitRequestBody: Apache Limiting User Upload File Size

For example, to limit /var/www/vhost/cyberciti.biz/wp-uploads to 100K, you might use the following directive (add to .htaccess or httpd.conf file):

<Directory "/var/www/vhost/cyberciti.biz/wp-uploads">
    LimitRequestBody 102400 
</Directory>
Save and close the file. When using vim as a text editor, press Esc and then type :wq. You need to restart httpd or reload the Apache (httpd) server using the service command or systemctl command. For example:
# service httpd restart
OR
# service httpd reload
On a modern Linux distro you can try:
# systemctl reload httpd
OR, for Debian/Ubuntu Linux:
# systemctl reload apache2

A note about PHP config options apart from using LimitRequestBody – Apache limiting user upload file size

Apart from the Apache server config with LimitRequestBody, you need to set post_max_size and upload_max_filesize in the php.ini file located in the /etc/ or /usr/local/etc/ directory. See the following tutorial for more info:
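
An upload has to pass LimitRequestBody as well as PHP's post_max_size and upload_max_filesize, so whichever of the three is smallest is the one reached first. The script below is an added example, not part of the original tutorial: it reads the three values and reports the smallest. The function names and the sample files it creates are constructed for illustration, and it assumes both PHP settings are present in the php.ini file it is given.

```shell
#!/bin/sh
# Added example (not from the original article): find which limit caps uploads first.

# Convert php.ini shorthand (512K, 8M, 1G) or a plain byte count to bytes.
to_bytes() (
    v=$1
    case $v in
        *[Kk]) echo $(( ${v%?} * 1024 )) ;;
        *[Mm]) echo $(( ${v%?} * 1024 * 1024 )) ;;
        *[Gg]) echo $(( ${v%?} * 1024 * 1024 * 1024 )) ;;
        *)     echo "$v" ;;
    esac
)

# First uncommented LimitRequestBody value in an Apache config or .htaccess file.
apache_limit() {
    awk '!/^[ \t]*#/ && tolower($1) == "limitrequestbody" { print $2; exit }' "$1"
}

# Last uncommented "key = value" for the given key (assumed present) in php.ini.
php_setting() {
    awk -F= -v k="$2" '!/^[ \t]*;/ { key = $1; gsub(/[ \t]/, "", key)
        if (key == k) { v = $2; gsub(/[ \t\r]/, "", v) } } END { print v }' "$1"
}

# Print "<bytes> <setting>" for the smallest limit, i.e. the one uploads hit first.
# LimitRequestBody 0 (or no directive at all) means unlimited, so it is skipped.
effective_upload_limit() (
    a=$(apache_limit "$1")
    best=""; name=""
    for pair in "LimitRequestBody=${a:-0}" \
                "post_max_size=$(php_setting "$2" post_max_size)" \
                "upload_max_filesize=$(php_setting "$2" upload_max_filesize)"; do
        b=$(to_bytes "${pair#*=}")
        if [ "${pair%%=*}" = LimitRequestBody ] && [ "$b" -eq 0 ]; then continue; fi
        if [ -z "$best" ] || [ "$b" -lt "$best" ]; then best=$b; name=${pair%%=*}; fi
    done
    echo "$best $name"
)

# Constructed sample files (illustrative values, not taken from a real server).
demo_dir=$(mktemp -d)
printf '%s\n' '<Directory "/var/www/vhost/cyberciti.biz/wp-uploads">' \
    '    LimitRequestBody 102400' '</Directory>' > "$demo_dir/site.conf"
printf '%s\n' '; constructed php.ini fragment' 'post_max_size = 8M' \
    'upload_max_filesize = 2M' > "$demo_dir/php.ini"
effective_upload_limit "$demo_dir/site.conf" "$demo_dir/php.ini"
```

On a real server, pass the file that holds the LimitRequestBody directive for the location handling the upload request, together with the php.ini that PHP actually loads.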

Summing up

You learned about the LimitRequestBody directive that allows the user to limit the allowed size of an HTTP request message body. If the client request exceeds that limit, the Apache server will return an error response instead of servicing the request. Please note that the size of an average request message body will vary greatly depending on the nature of the resource and the methods allowed on that resource. Use this directive to have greater control over abnormal client request behaviour, which may help avoid some forms of denial-of-service (DoS) attacks.

Hi! 🤠
I'm Vivek Gite, and I write about Linux, macOS, Unix, IT, programming, infosec, and open source. Subscribe to my RSS feed or email newsletter for updates.

5 comments
  • Firas Alfraih Apr 28, 2008 @ 9:28

    How can I restrict abuse of the internet (heavy download) on my Linux firewall?

  • teo Nov 21, 2011 @ 7:12

    The example is a bit misleading, since most probably files being uploaded to the /wp-uploads directory will be uploaded via a request to a script which is in another folder (usually its parent).

  • Hosting en Chile Jul 10, 2012 @ 15:57

    Thank you, greetings from Chile

  • Paul Oct 4, 2012 @ 22:00

    It’s old, but it’s a high ranking on Google, so I’m going to correct slightly here: you don’t need to do an httpd restart. Do a reload – it saves resources and keeps everything online.

  • Abbas Uddin Apr 6, 2023 @ 8:53

    Thanks a lot, it worked for me.

    CentOS-7 with Apache v2.4. I was struggling for a few days and made too many updates to my php.ini; nothing worked as expected.

    Really the problem was Apache behind.
