diff --git a/src/reqs.c b/src/reqs.c
index bc77f8c..f33c450 100644
--- a/src/reqs.c
+++ b/src/reqs.c
@@ -864,6 +864,11 @@ add_header_to_connection(hashmap_t hashofheaders, char *header, size_t len)
 	return hashmap_insert(hashofheaders, header, sep, len);
 }
 
+/* define max number of headers. big enough to handle legitimate cases,
+ * but limited to avoid DoS 
+ */
+#define MAX_HEADERS 10000
+
 /*
  * Read all the headers from the stream
  */
@@ -873,11 +878,12 @@ get_all_headers(int fd, hashmap_t hashofheaders)
 	char *header;
 	ssize_t len;
 	unsigned int double_cgi = FALSE; /* boolean */
+	int count;
 
 	assert(fd >= 0);
 	assert(hashofheaders != NULL);
 
-	for (;;) {
+	for (count = 0; count < MAX_HEADERS; count++) {
 		if ((len = readline(fd, &header)) <= 0) {
 			safefree(header);
 			return -1;
@@ -918,6 +924,11 @@ get_all_headers(int fd, hashmap_t hashofheaders)
 
 		safefree(header);
 	}
+
+	/* if we get there, this is we reached MAX_HEADERS count.
+	   bail out with error */
+	safefree (header);
+	return -1;
 }
 
 /*