How to Limit User File Upload Size in Apache

Apache is a free and open-source cross-platform very popular, secure, efficient and extensible HTTP server. As a server administrator, one should always have greater control over client request behavior, for example the size of files a user can upload and download from a server.

Read Also: 13 Apache Web Server Security and Hardening Tips

This may be useful for avoiding certain kinds of denial-of-service attacks and many other issues. In this short article, we will show how to limit the size of uploads in Apache web server.

Read Also: How to Limit File Upload Size in Nginx

The directive LimitRequestBody is used to limit the total size of the HTTP request body sent from the client. You can use this directive to specifies the number of bytes from 0 (meaning unlimited) to 2147483647 (2GB) that are allowed in a request body. You can set it in the context of server, per-directory, per-file or per-location.

For example, if you are permitting file upload to a particular location, say /var/www/ and wish to restrict the size of the uploaded file to 5M = 5242880Bytes, add the following directive into your .htaccess or httpd.conf file.

<Directory "/var/www/">
	LimitRequestBody  5242880

Save the file and reload the HTTPD server to effect the recent changes using following command.

# systemctl restart httpd 	#systemd
# service httpd restart 	#sysvinit

From now on, if a user tries to upload a file into the directory /var/www/ whose size exceeds the above limit, the server will return an error response instead of servicing the request.

Reference: Apache LimitRequestBody Directive.

You may also find these following guides for Apache HTTP server useful:

  1. How to Check Which Apache Modules are Enabled/Loaded in Linux
  2. 3 Ways to Check Apache Server Status and Uptime in Linux
  3. How to Monitor Apache Performance using Netdata on CentOS 7
  4. How to Change Apache HTTP Port in Linux

That’s it! In this article, we have explained how to limit the size of uploads in Apache web server. Do you have any queries or information to share, use the comment form below.

Best Affordable Linux and WordPress Services For Your Business
Outsource Your Linux and WordPress Project and Get it Promptly Completed Remotely and Delivered Online.

If You Appreciate What We Do Here On TecMint, You Should Consider:

  1. Stay Connected to: Twitter | Facebook | Google Plus
  2. Subscribe to our email updates: Sign Up Now
  3. Get your own self-hosted blog with a Free Domain at ($3.45/month).
  4. Become a Supporter - Make a contribution via PayPal
  5. Support us by purchasing our premium books in PDF format.
  6. Support us by taking our online Linux courses

We are thankful for your never ending support.

Aaron Kili

Aaron Kili is a Linux and F.O.S.S enthusiast, an upcoming Linux SysAdmin, web developer, and currently a content creator for TecMint who loves working with computers and strongly believes in sharing knowledge.

Your name can also be listed here. Got a tip? Submit it here to become an TecMint author.

RedHat RHCE and RHCSA Certification Book
Linux Foundation LFCS and LFCE Certification Preparation Guide

You may also like...

4 Responses

  1. yactouat says:

    Very short and straight to the point, thank you :)

  2. Chin Huat Tan says:

    LimitRequestBody doesnt describe the purpose of the directive. That is why ordinary peoole like me find it difficult to use or configure software.

    Why cant they make is more accurate like LimitUploadFileSize.

    • Aaron Kili says:


      It is LimitRequestBody because it works for both uploads and downloads, it restricts the total size of the HTTP request body sent from the client. A client can request to upload or download a file of a given size.

Got something to say? Join the discussion.

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.