diff --git a/internal/api/icons/service/service.go b/internal/api/icons/service/service.go
index dadcae3..3bd1c67 100644
--- a/internal/api/icons/service/service.go
+++ b/internal/api/icons/service/service.go
@@ -174,5 +174,7 @@ func (m *IconsModule) RegisterRoutes(router *gin.Engine) {
 publicRouter.GET("/mobile/icons/collections/:collection_id", m.RoutesHandler.FindIconsCollection)
 publicRouter.GET("/mobile/icons/collections", m.RoutesHandler.FindAllIconsCollection)
- publicRouter.POST("/mobile/icons/requests", m.RoutesHandler.CreateIconRequest)
+ publicRouter.
+ Use(httpsec.BodySizeLimitMiddleware(64*1000)).
+ POST("/mobile/icons/requests", m.RoutesHandler.CreateIconRequest)
 }
diff --git a/internal/common/http/request.go b/internal/common/http/request.go
index 77012ac..7f517ff 100644
--- a/internal/common/http/request.go
+++ b/internal/common/http/request.go
@@ -4,6 +4,7 @@ import (
 "github.com/gin-gonic/gin"
 "github.com/google/uuid"
 "github.com/twofas/2fas-server/internal/common/logging"
+ "net/http"
 )
 const (
@@ -43,3 +44,11 @@ func CorrelationIdMiddleware() gin.HandlerFunc {
 c.Set(CorrelationIdKey, CorrelationId)
 }
 }
+
+func BodySizeLimitMiddleware(requestBytesLimit int64) gin.HandlerFunc {
+ return func(c *gin.Context) {
+ var w http.ResponseWriter = c.Writer
+
+ c.Request.Body = http.MaxBytesReader(w, c.Request.Body, requestBytesLimit)
+ }
+}
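Review bot: `publicRouter.Use(...)` appends the middleware to the router group itself, so the 64 kB cap is not scoped to this POST: any route registered on `publicRouter` after this statement inherits it. That is harmless only while this stays the last registration in `RegisterRoutes`, whose start is outside the hunk, so how `publicRouter` is created and whether it is shared is not visible here. Passing the middleware as a per-route handler keeps the scope explicit: `publicRouter.POST("/mobile/icons/requests", httpsec.BodySizeLimitMiddleware(64*1000), m.RoutesHandler.CreateIconRequest)`. A named constant for the limit would also make clear whether 64 000 bytes or 64 KiB was intended.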
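Review bot: `http.MaxBytesReader` in `BodySizeLimitMiddleware` enforces the cap only when the handler reads the body, so an oversized request surfaces as an ordinary read or bind error inside `CreateIconRequest`; whether the client then gets 413 or a generic 400/500 depends on that handler, which is not visible here. Rejecting up front when the declared `Content-Length` already exceeds the limit gives a deterministic 413 without running the handler, while the reader wrap stays in place for chunked bodies that declare no length. The `var w http.ResponseWriter = c.Writer` temporary is unnecessary because `c.Writer` can be passed directly, and the exported function should carry a doc comment stating that the limit is in bytes and is enforced lazily.

```go
// BodySizeLimitMiddleware caps the request body at requestBytesLimit bytes.
// A declared Content-Length above the limit is rejected with 413 before the
// handler runs; otherwise the limit is enforced while the body is read.
func BodySizeLimitMiddleware(requestBytesLimit int64) gin.HandlerFunc {
	return func(c *gin.Context) {
		// ContentLength is -1 when unknown (e.g. chunked), so this only
		// fires for bodies the client itself declared as too large.
		if c.Request.ContentLength > requestBytesLimit {
			c.AbortWithStatus(http.StatusRequestEntityTooLarge)
			return
		}

		c.Request.Body = http.MaxBytesReader(c.Writer, c.Request.Body, requestBytesLimit)
	}
}
```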