diff --git a/TODO b/TODO
index 7cb830d..b392028 100644
--- a/TODO
+++ b/TODO
@@ -1,9 +1,9 @@
 cache headers for static assets
 tests
-maximum size of a haste
 fix any annoying visual quirks
 add FAVICON
 cache static in memory
+add feedback for errors to UI - esp. too long
 
 # shared version only
 some way to do announcements easily (and use for ads)
diff --git a/config.js b/config.js
index 6e2f10b..0b3def2 100644
--- a/config.js
+++ b/config.js
@@ -5,6 +5,8 @@
 
   "keyLength": 6,
 
+  "maxLength": 400000,
+
   "logging": [
     {
       "level": "verbose",
diff --git a/lib/document_handler.js b/lib/document_handler.js
index 8de73ef..50d5796 100644
--- a/lib/document_handler.js
+++ b/lib/document_handler.js
@@ -5,6 +5,7 @@ var winston = require('winston');
 var DocumentHandler = function(options) {
   if (options) {
     this.keyLength = options.keyLength || 10;
+    this.maxLength = options.maxLength; // none by default
     this.store = options.store;
   }
 };
@@ -35,8 +36,15 @@ DocumentHandler.prototype.handlePost = function(request, response) {
       response.writeHead(200, { 'content-type': 'application/json' });
     } 
     buffer += data.toString();
+    if (_this.maxLength && buffer.length > _this.maxLength) {
+      _this.cancelled = true;
+      winston.warn('attempted to upload a document >maxLength', { maxLength: _this.maxLength });
+      response.writeHead(400, { 'content-type': 'application/json' });
+      response.end(JSON.stringify({ message: 'document exceeds maximum length' }));
+    }
   });
   request.on('end', function(end) {
+    if (_this.cancelled) return;
     _this.store.set(key, buffer, function(res) {
       if (res) {
         winston.verbose('added document', { key: key });
@@ -44,6 +52,7 @@ DocumentHandler.prototype.handlePost = function(request, response) {
       }
       else {
         winston.verbose('error adding document');
+        response.writeHead(500, { 'content-type': 'application/json' });
         response.end(JSON.stringify({ message: 'error adding document' }));
       }
     });
diff --git a/server.js b/server.js
index 5007711..49d8300 100644
--- a/server.js
+++ b/server.js
@@ -47,6 +47,7 @@ http.createServer(function(request, response) {
   if (incoming.pathname.match(/^\/documents$/) && request.method == 'POST') {
     handler = new DocumentHandler({
       keyLength: config.keyLength,
+      maxLength: config.maxLength,
       store: preferredStore()
     });
     return handler.handlePost(request, response);