The Hacker News

New HTTP/2 Bomb Vulnerability Allows Remote DoS on NGINX, Apache, IIS, Envoy & Cloudflare

HTTP/2 Bomb exploits HPACK and flow control; a single client can hold 32GB memory in 20 seconds, causing server outages.
TechRepublic

How to limit file upload size on NGINX to mitigate DoS attacks

If you have an NGINX site that must allow users to upload files, try this configuration to help prevent possible Denial-of-Service attacks. Out of the box, NGINX sets a limit of 1MB for file uploads.