The request header size can be capped at some number of bytes. Due to the way the Go libraries work, one limit applies to all sites on the same listener (if there are multiple configured, the minimum limit is selected).

Request body sizes can also be limited. When the number of bytes read from a request body exceeds the limit, reading will terminate and an error will be sent to the client. (Technically, it depends on each middleware that reads a request body to handle the error properly, but standard Caddy directives should respond with HTTP 413.) By default, there is no size limit.

The size values must be positive integers and are interpreted as bytes unless a unit is given. Valid examples: (3,500 bytes), 500kb (500 kilobytes), 10mb (10 megabytes), (1 gigabyte).

limits *size*

• size is the maximum size for both headers and bodies (individually) for the whole site.

limits { header *size* body [*path*] *size* }

• body restricts the size of a request body, optionally only for a base path.

Limit all request headers and bodies to 7.5 kilobytes:

Limit only request bodies within /upload to 50 megabytes:

Various limits:

limits { header 100KB body /upload 100MB body /profile 25KB body /api 10KB }

Join us in the , where the open source community gathers to share their knowledge.

Purchase a commercial license to use Caddy with your business and for basic email support, along with other benefits!