Introduction

A 413 Request Entity Too Large error means the request body is bigger than one layer in the delivery path is willing to accept. The upload may never reach your app at all. The fix is to identify which layer rejects the request first and then align body-size limits so the full path supports the request you actually expect.

Symptoms

  • File uploads fail with 413 Request Entity Too Large
  • Large form submissions or API requests are rejected immediately
  • Smaller uploads work while bigger ones fail consistently
  • The issue starts after adding a CDN, reverse proxy, or WAF
  • App logs show no matching request because the rejection happens upstream

Common Causes

  • Nginx, Apache, or another reverse proxy has a lower body-size limit than the app
  • CDN or WAF upload limits reject the request before it reaches the origin
  • Application middleware sets a request size limit lower than the server or proxy
  • PHP or framework-specific post-size limits are smaller than the uploaded payload
  • Different environments have inconsistent size limits across the request path

Step-by-Step Fix

  1. Confirm which layer returns the 413 response by checking headers, proxy logs, app logs, and CDN behavior together.
  2. Compare the failing payload size with known working requests so you can see the real threshold.
  3. Review body-size limits in every relevant layer, including CDN, WAF, reverse proxy, web server, framework middleware, and language runtime.
  4. Increase the limit only where the business case requires it, rather than setting unlimited upload sizes broadly.
  5. Make sure app-level limits and server-level limits agree so the request is not accepted by one layer and rejected by another.
  6. If large uploads are legitimate, also confirm timeout, temp storage, and processing limits can support them end to end.
  7. Retest with a payload just below and just above the intended limit to confirm the configured threshold behaves as expected.
  8. Monitor rejected request sizes after the change so abusive oversized traffic does not become a hidden resource drain.
  9. Keep upload size policy documented across environments so future infra changes do not reintroduce mismatched limits.
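
Steps 3, 5, and 7 can be checked mechanically once the limits are collected. The script below is an added example, not part of the original guide: it normalizes size strings from each layer, reports which layer sets the effective limit, names the first layer that would reject a given body, and returns the two boundary sizes to retest with. The layer names and values in `SAMPLE_PATH` are constructed, and treating `0` as "no limit" is an assumption that matches how nginx `client_max_body_size` and Apache `LimitRequestBody` read it.

```python
import re

UNITS = {"": 1, "k": 1024, "m": 1024**2, "g": 1024**3}

def parse_size(value):
    """'10m', '8M', '100MB' or '1048576' -> bytes; 0 -> None (no limit)."""
    m = re.fullmatch(r"(\d+)\s*([kmg]?)b?", str(value).strip().lower())
    if not m:
        raise ValueError(f"unrecognised size: {value!r}")
    return int(m.group(1)) * UNITS[m.group(2)] or None

def audit(path):
    """path: ordered (layer, raw_limit) pairs, edge first, app last.
    Returns (effective_limit_bytes, enforcing_layer, layers_above_it)."""
    limits = [(name, parse_size(raw)) for name, raw in path]
    bounded = [(n, b) for n, b in limits if b is not None]
    if not bounded:
        return None, None, []
    enforcing, effective = min(bounded, key=lambda x: x[1])
    # Any layer allowing more than the effective limit accepts bodies
    # that another layer in the path will still reject (step 5).
    mismatches = [n for n, b in limits if b is None or b > effective]
    return effective, enforcing, mismatches

def first_rejecting_layer(path, body_bytes):
    """Walk the path edge-first; return the layer that answers 413, or None."""
    for name, raw in path:
        limit = parse_size(raw)
        if limit is not None and body_bytes > limit:
            return name
    return None

def boundary_sizes(limit):
    """Body sizes just below and just above the intended limit (step 7)."""
    return limit - 1, limit + 1

# Constructed sample: hypothetical layer names and limits, edge to app.
SAMPLE_PATH = [
    ("cdn", "100MB"),
    ("nginx", "10m"),
    ("php_post", "8M"),
    ("app_middleware", "20971520"),
]

if __name__ == "__main__":
    effective, layer, loose = audit(SAMPLE_PATH)
    print(f"effective limit: {effective} bytes, set by {layer}")
    print(f"layers allowing more: {loose}")
    print(f"retest with bodies of {boundary_sizes(effective)} bytes")
```

The sizes are request-body bytes, so for multipart uploads the form framing counts toward the limit and the file itself must be slightly smaller than the configured value.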