For security reasons we suggest enabling this plugin for any API you add to Kong to prevent a DOS (Denial of Service) attack.

Block incoming requests whose body is greater than a specific size in megabytes.


Configuration

Configuring the plugin is straightforward, you can add it on top of an API (or Consumer) by executing the following request on your Kong server:

$ curl -X POST http://kong:8001/apis/{api}/plugins \
    --data "name=request-size-limiting" \
    --data "config.allowed_payload_size=128"

api: The id or name of the API that this plugin configuration will target

You can also apply it for every API using the http://kong:8001/plugins/ endpoint. Read the Plugin Reference for more information.

form parameter default description
name The name of the plugin to use, in this case: request-size-limiting
consumer_id
optional
The CONSUMER ID that this plugin configuration will target. This value can only be used if authentication has been enabled so that the system can identify the user making the request.
config.allowed_payload_size
optional
128 Allowed request payload size in megabytes, default is 128 (128000000 Bytes)