diff --git a/proxy/main.go b/proxy/main.go
index 7d01449..e6834c6 100644
--- a/proxy/main.go
+++ b/proxy/main.go
@@ -13,6 +13,8 @@ import (
 	"strings"
 )
 
+const MAX_SIZE = 2 ^ 16 // 65kb
+
 func main() {
 	proxy := &httputil.ReverseProxy{
 		Rewrite: func(r *httputil.ProxyRequest) {
@@ -39,15 +41,17 @@ func main() {
 			// Read response body into data. If body is encoded, decode it.
 			var data []byte
 
+			// Limit body size to prevent self-DOS
+			bodyReader := io.LimitReader(r.Body, MAX_SIZE)
 			switch r.Header.Get("Content-Encoding") {
 			case "gzip":
-				reader, _ := gzip.NewReader(r.Body)
+				reader, _ := gzip.NewReader(bodyReader)
 				data, _ = io.ReadAll(reader)
-				r.Body.Close()
+				reader.Close()
 			default:
-				data, _ = io.ReadAll(r.Body)
-				r.Body.Close()
+				data, _ = io.ReadAll(bodyReader)
 			}
+			r.Body.Close()
 
 			// Rewrite 30x redirect location
 			locHeader := r.Header.Get("Location")