TsgcWebSocketHTTPServer › Properties › MaxRequestBodySize
Maximum size in bytes of an inbound HTTP request body; protects the server from memory-exhaustion attacks.
property MaxRequestBodySize: Int64 read GetMaxRequestBodySize write SetMaxRequestBodySize;67108864 (64 MB). Use 0 for unlimited.
MaxRequestBodySize bounds the size of an inbound HTTP request body. Without such a bound a client can declare a huge Content-Length and stream an unbounded body at the server to exhaust its memory. When a request's declared body size exceeds this limit the server rejects the request with HTTP status 413 (Payload Too Large) instead of buffering it, so the attempt is stopped before any large allocation takes place.
The default of 64 MB is safe for the vast majority of applications. Raise it if your application legitimately accepts large uploads through HTTP POST, or lower it to tighten the memory bound on a public-facing server. A value of 0 disables the limit entirely (not recommended on a server reachable from untrusted networks). This limit is independent of MaxMessageSize, which bounds inbound WebSocket messages rather than HTTP request bodies.
oServer := TsgcWebSocketHTTPServer.Create(nil);
oServer.Port := 80;
// reject any HTTP request whose body is larger than 16 MB (HTTP 413)
oServer.MaxRequestBodySize := 16 * 1024 * 1024;
oServer.Active := true;