RRuna

Body Limit Middleware

Limit HTTP request body size to avoid oversized requests consuming memory and connections

middleware/bodylimit limits request body size. It first checks Content-Length, then wraps the request body with http.MaxBytesReader so clients cannot keep streaming oversized content without an accurate length.

Install

go get github.com/duxweb/runa/middleware

Basic usage

import "github.com/duxweb/runa/middleware/bodylimit"

route.Default().Use(bodylimit.New())

The default limit is 4MB.

Custom size

route.Default().Use(bodylimit.New(bodylimit.Config{
    Limit: 8 << 20, // 8MB
}))

Limit is measured in bytes.

Allow larger upload routes

route.Default().Use(bodylimit.New(bodylimit.Config{
    Limit: 4 << 20,
    Next: func(ctx *route.Context) bool {
        return ctx.Request().URL.Path == "/upload"
    },
}))

route.Default().Post("/upload", upload).Use(bodylimit.New(bodylimit.Config{
    Limit: 100 << 20,
}))

Use a small global limit for normal APIs, then mount a larger limit only on upload routes.

Config fields

Field Type Default Description
Next func(*route.Context) bool nil Skip when true
Limit int64 4 << 20 Max request body bytes

Relationship with security

security.New(...) includes bodylimit by default. The default size is 32MB, and you can adjust it like this:

route.Default().Use(security.New(
    security.Production(),
    security.BodyLimit("16MB"),
))

Common problems

  • bodylimit only limits request bodies. It does not limit URL query, headers, or response size.
  • If your app needs large uploads, loosen the limit only on upload routes instead of globally.
  • When the limit is exceeded, the current implementation returns a normal error; final status is decided by route error rendering.
Edit this page