Warning | performance

Large Client Body Size Limit

Risks of setting client_max_body_size too high in Nginx.

What This Rule Checks

This rule checks if `client_max_body_size` is set above 100 MB.

Why It Matters

A very large body size limit (>100 MB) means clients can upload massive files, potentially consuming all available disk space or memory. This can be used in denial-of-service attacks.

Bad — Triggers this rule

server {
    client_max_body_size 500m;
    # Allows 500 MB uploads — risky
}

Good — Passes this rule

server {
    client_max_body_size 25m;
    # Reasonable limit for most applications
}

How to Fix

Set `client_max_body_size` to the minimum required for your application. In Configen, adjust the value in the Performance section.
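The check this rule describes can be sketched as follows. This is an added example, not the linter's own code: the function names and sample config are constructed for illustration. It goes slightly beyond the rule as stated by also flagging a value of `0`, on the assumption that `0` disables nginx's body size check and is therefore effectively unlimited.

```python
import re

LIMIT_BYTES = 100 * 1024 * 1024  # the rule's 100 MB threshold
UNITS = {"": 1, "k": 1024, "m": 1024**2, "g": 1024**3}  # nginx size suffixes
DIRECTIVE = re.compile(r"\bclient_max_body_size\s+(\d+)([kKmMgG]?)\s*;")

def to_bytes(number, suffix):
    """Convert an nginx size value such as ('500', 'm') to bytes."""
    return int(number) * UNITS[suffix.lower()]

def find_large_body_limits(conf_text, limit=LIMIT_BYTES):
    """Return (line_no, bytes, reason) for each directive that breaks the rule."""
    findings = []
    for line_no, line in enumerate(conf_text.splitlines(), start=1):
        match = DIRECTIVE.search(line.split("#", 1)[0])  # ignore trailing comments
        if not match:
            continue
        size = to_bytes(*match.groups())
        if size == 0:
            # Assumption: 0 turns the size check off, so treat it as unlimited.
            findings.append((line_no, size, "size check disabled"))
        elif size > limit:
            findings.append((line_no, size, "above 100 MB"))
    return findings

# Constructed sample configuration, not taken from a real deployment.
SAMPLE_CONF = """\
server {
    client_max_body_size 25m;
    location /upload {
        client_max_body_size 500m;
    }
    location /api {
        client_max_body_size 100m;  # exactly at the limit: passes
    }
    location /import {
        client_max_body_size 1g;
    }
    location /raw {
        client_max_body_size 0;
    }
}
"""

if __name__ == "__main__":
    for line_no, size, reason in find_large_body_limits(SAMPLE_CONF):
        print(f"line {line_no}: client_max_body_size = {size} bytes ({reason})")
```

Because the directive can appear at `http`, `server` and `location` level, the sketch reports every occurrence by line number rather than only the first.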
