How to Limit User File Upload Size in Apache

by Aaron Kili | Published: August 24, 2018 | August 24, 2018

 Download Your Free eBooks NOW - 10 Free Linux eBooks for Administrators | 4 Free Shell Scripting eBooks

Apache is a free and open-source cross-platform very popular, secure, efficient and extensible HTTP server. As a server administrator, one should always have greater control over client request behavior, for example the size of files a user can upload and download from a server.

Read Also: 13 Apache Web Server Security and Hardening Tips

This may be useful for avoiding certain kinds of denial-of-service attacks and many other issues. In this short article, we will show how to limit the size of uploads in Apache web server.

The directive LimitRequestBody is used to limit the total size of the HTTP request body sent from the client. You can use this directive to specifies the number of bytes from 0 (meaning unlimited) to 2147483647 (2GB) that are allowed in a request body. You can set it in the context of server, per-directory, per-file or per-location.

For example, if you are permitting file upload to a particular location, say /var/www/example.com/wp-uploads and wish to restrict the size of the uploaded file to 5M = 5242880Bytes, add the following directive into your .htaccess or httpd.conf file.

<Directory "/var/www/example.com/wp-uploads">
LimitRequestBody  5242880
</Directory>

Save the file and reload the HTTPD server to effect the recent changes using following command.

# systemctl restart httpd  #systemd
OR
# service httpd restart  #sysvinit

From now on, if a user tries to upload a file into the directory /var/www/example.com/wp-uploads whose size exceeds the above limit, the server will return an error response instead of servicing the request.