diff --git a/roles/nginxplus/defaults/main.yml b/roles/nginxplus/defaults/main.yml
index e51c1ffff5..9bb900a7f4 100644
--- a/roles/nginxplus/defaults/main.yml
+++ b/roles/nginxplus/defaults/main.yml
@@ -441,3 +441,4 @@ nginx_stream_template:
 # increase the size first, when that stops working, increase the number of hash buckets in the table
 nginx_server_names_hash_bucket_size: 64
 nginx_server_names_hash_max_size: 1024
+client_max_body_size: 0
diff --git a/roles/nginxplus/templates/http/library.conf.j2 b/roles/nginxplus/templates/http/library.conf.j2
index 57924a8f4e..63bbd7a73d 100644
--- a/roles/nginxplus/templates/http/library.conf.j2
+++ b/roles/nginxplus/templates/http/library.conf.j2
@@ -48,7 +48,7 @@ server {
 ssl_certificate_key /etc/letsencrypt/live/{{ item.name }}/privkey.pem;
 ssl_session_cache shared:SSL:1m;
 ssl_prefer_server_ciphers on;
- client_max_body_size 0;
+ client_max_body_size {{ client_max_body_size }};
 {% if item.visibility == "public" %}
 location {{ item.location }} {
diff --git a/roles/nginxplus/vars/main.yml b/roles/nginxplus/vars/main.yml
index f52a44add1..dafc500247 100644
--- a/roles/nginxplus/vars/main.yml
+++ b/roles/nginxplus/vars/main.yml
@@ -22,6 +22,9 @@ sites:
 ## most sites have app_protect disabled
 ## set app_protect: enabled to enable it
 # app_protect: enabled
+ ## client_max_body_size defines the upper limit on request sizes
+ ## default is 0 (don't check), if you change this, you must include the unit of measurement
+ # client_max_body_size: 8m
 ## error handling templates live in /etc/nginx/conf.d/templates/
 ## the default template for handling errors is errors.conf
 # error_handling_template: cdh-errors.conf
@@ -49,6 +52,8 @@ sites:
 short_name: allsearch-api
 location: "/"
 visibility: public
+ lbtechnique: least_conn
+ client_max_body_size 512k
 app_protect: disabled
 rate_limit: enabled
 rate_limit_mb: 10
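Review bot: In roles/nginxplus/defaults/main.yml the new default `client_max_body_size: 0` is the only variable in this hunk without the `nginx_` prefix. Ansible variables share one namespace, so an unprefixed name can be silently overridden by, or collide with, a variable from another role or the inventory. Consider `nginx_client_max_body_size: 0`, with a comment above it such as `# 0 disables nginx's request body size check; set a value with a unit (e.g. 8m) to enforce a limit`. Because 0 means no limit, every server block rendered from library.conf.j2 keeps accepting request bodies of any size unless a value is set elsewhere.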
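Review bot: In roles/nginxplus/templates/http/library.conf.j2 the directive reads the role-level `client_max_body_size`, not the per-site key. The `client_max_body_size: 512k` entries added under `sites:` in vars/main.yml therefore appear to have no effect, and the rendered value stays `0` (no body size check). The surrounding lines use `item.name`, `item.visibility` and `item.location`, which suggests `item` is the site entry; if so, the line should be `client_max_body_size {{ item.client_max_body_size | default(client_max_body_size) }};`. The server block starts and ends outside the hunk, so a mapping elsewhere in the role cannot be ruled out from here.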
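Review bot: In roles/nginxplus/vars/main.yml the added line `client_max_body_size 512k` under the allsearch-api site has no colon, so it is not a key/value pair. A YAML parser will either reject the file or never see the key, and in both cases the 512k limit is not defined for this site. It should read `client_max_body_size: 512k`, as the allsearch-api-staging entry in the following hunk does. The site entry begins outside the hunk.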
@@ -60,7 +65,10 @@ sites:
 short_name: allsearch-api-staging
 location: "/"
 visibility: private
- app_protect: disabled
+ lbtechnique: least_conn
+ client_max_body_size: 512k
+ app_protect: enabled
+
 # - name: annotations-prod
 # servers:
 # - annotations-prod1
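Review bot: The allsearch-api-staging entry flips `app_protect` from disabled to enabled, while the allsearch-api entry touched in the previous hunk keeps `app_protect: disabled`. The two sites will no longer be inspected the same way, so a request that App Protect blocks on staging would still pass on the other site. If this is deliberate, a comment above the key such as `## app_protect is enabled on staging only; allsearch-api stays disabled` would record the intent. The trailing blank `+` line added before the commented-out annotations-prod block can be dropped.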