NeuralTrust | The leading security platform for generative AI

The request_size_limiter plugin enforces strict request size boundaries for incoming HTTP requests to protect services from oversized payloads, abuse, and resource exhaustion.

Size Limits

The plugin can limit the following parts of the request:

Request Part	Description	Default
Headers	Total headers size	8KB
Body	Request body size	1MB
URL	URL length	2KB
Header Count	Number of headers	100

Configuration

{
  "name": "request_size_limiter",
  "enabled": true,
  "stage": "pre_request",
  "settings": {
    "max_header_size": 8192,
    "max_body_size": 1048576,
    "max_url_length": 2048,
    "max_header_count": 100,
    "error_message": "Request size exceeds limit"
  }
}

Configuration Parameters

Parameter	Type	Description	Required	Default
max_header_size	number	Maximum headers size in bytes	No	8192
max_body_size	number	Maximum body size in bytes	No	1048576
max_url_length	number	Maximum URL length in bytes	No	2048
max_header_count	number	Maximum number of headers	No	100
error_message	string	Custom error message	No	”Request size exceeds limit”

Character-Based Limits

In addition to byte-based limits, the plugin supports request character limits and optional enforcement of the Content-Length header.

Parameter	Type	Description	Default
allowed_payload_size	number	Payload size threshold (unit configurable)	10MB
size_unit	string	Size unit: `bytes`, `kilobytes`, or `megabytes`	`megabytes`
max_chars_per_request	number	Max allowed characters per request	100,000
require_content_length	boolean	Whether `Content-Length` header must be present	false

Response Headers

On success, the plugin returns informational headers:

Header Name	Description
X-Request-Size-Bytes	Actual request size in bytes
X-Request-Size-Chars	Number of characters in the request
X-Size-Limit-Bytes	Configured max size limit in bytes
X-Size-Limit-Chars	Configured max character count limit

Usage Example

curl -X POST "http://localhost:8080/api/v1/gateways" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "Size Limited Gateway",
    "subdomain": "size-limited",
    "required_plugins": [
      {
        "name": "request_size_limiter",
        "enabled": true,
        "stage": "pre_request",
        "settings": {
          "max_header_size": 8192,
          "max_body_size": 1048576,
          "max_url_length": 2048,
          "max_header_count": 100
        }
      }
    ]
  }'

Behavior Summary

Validates size and character limits against configured thresholds
Supports size units: bytes, kilobytes, megabytes
Blocks request with HTTP 413 Payload Too Large when limits are exceeded
Optionally enforces presence of Content-Length
Adds response headers with diagnostics
Provides clear error messages for violations

Getting Started

Core Concepts

Traffic Management

Rate Limiting & Request Control

Content Security

Application Security

Data masking

Extending Functionality

Observability & Monitoring

API Reference

Request Size Limiting

Size Limits

Configuration

Configuration Parameters

Character-Based Limits

Response Headers

Usage Example

Behavior Summary

Getting Started

Core Concepts

Traffic Management

Rate Limiting & Request Control

Content Security

Application Security

Data masking

Extending Functionality

Observability & Monitoring

API Reference

​Size Limits

​Configuration

​Configuration Parameters

​Character-Based Limits

​Response Headers

​Usage Example

​Behavior Summary

Size Limits

Configuration

Configuration Parameters

Character-Based Limits

Response Headers

Usage Example

Behavior Summary