Deploy Error Decoder

413 Request Entity Too Large — how to fix it

Q: How do I fix 413 in nginx?

Set client_max_body_size to the size you need in the http, server, or location block, then test and reload: nginx -t && systemctl reload nginx.

Quick answer: 413 Payload Too Large means the request body exceeded a configured size limit. The usual culprit is nginx's client_max_body_size (default 1 MB) — raise it in the relevant block. If nginx passes the request but your app still rejects it, raise your body-parser limit too (e.g. Express express.json({ limit: '10mb' })). Keep the limit deliberate, not unlimited.

What the error looks like

It shows up either as an nginx page or an app-level error:

<html><head><title>413 Request Entity Too Large</title></head>

# or from the app:
PayloadTooLargeError: request entity too large
  at readStream (.../raw-body/index.js)

Whoever enforces the limit first returns the 413. So the first question is always: did the proxy reject it, or did the app?

Why it happens

nginx client_max_body_size

Defaults to 1 MB. Any larger upload or JSON body is rejected before it reaches your app.

App body-parser limit

Express/body-parser defaults to ~100 KB for JSON. Bigger payloads throw PayloadTooLargeError.

A proxy in front of the proxy

A CDN or load balancer has its own body cap that fires before nginx or the app.

File uploads

Multipart uploads routinely exceed default limits; the upload middleware may also cap size.

Diagnose it in three steps

1

Find who rejects it

# Branded nginx 413 page -> it's the proxy.
# JSON/app error body  -> it's your app.
tail -f /var/log/nginx/error.log   # "client intended to send too large body"

2

Raise the nginx limit

# in http, server, or the specific location block
client_max_body_size 10m;
# then: nginx -t && systemctl reload nginx

3

Raise the app limit

app.use(express.json({ limit: '10mb' }));
app.use(express.urlencoded({ limit: '10mb', extended: true }));

The real fix

Set a deliberate ceiling, not infinity

Both layers must allow the size you actually need — and no more. An unbounded body limit is a denial-of-service vector. Pick a number that fits your largest legitimate upload, set it on the proxy and the app, and reject the rest fast.

# match the limits so they don't disagree:
#   nginx:  client_max_body_size 10m;
#   express: limit '10mb'
# and stream large file uploads to disk/object storage instead of buffering.

How Infraveil handles this

Size and rate limits in front of your app

Infraveil puts a security layer in front of your services on your own servers — rate limits, bad-traffic detection, and request controls — without you changing application code. That's the right place to enforce a sane body ceiling consistently across services, instead of discovering the mismatch one 413 at a time.

Security rules sit in front of your app — applied without code changes

Consistent limits across services from one place

Runs on servers you control, with every change recorded

See how it works More deploy fixes

Frequently asked questions

What causes a 413 error?

The request body exceeded a configured size limit — most often nginx's client_max_body_size (1 MB default) or your app framework's body-parser limit.

How do I fix 413 in nginx?

Set client_max_body_size to the size you need in the http, server, or location block, then test and reload: nginx -t && systemctl reload nginx.

Why do I still get 413 after raising nginx's limit?

Your application has its own limit. In Express, raise it with express.json({ limit: '10mb' }). Both the proxy and the app must allow the size.

Should I just set an unlimited body size?

No — an unbounded limit invites abuse and memory exhaustion. Set a deliberate ceiling that fits your largest legitimate request, and stream big uploads rather than buffering them.