diff --git a/lib/base/netstring.cpp b/lib/base/netstring.cpp
index e77a41285..f23853864 100644
--- a/lib/base/netstring.cpp
+++ b/lib/base/netstring.cpp
@@ -87,7 +87,7 @@ StreamReadStatus NetString::ReadStringFromStream(const Stream::Ptr& stream, Stri
 
 	if (maxMessageLength >= 0 && data_length > maxMessageLength) {
 		std::stringstream errorMessage;
-		errorMessage << "Max data length exceeded: " << (maxMessageLength / 1024 / 1024) << " MB";
+		errorMessage << "Max data length exceeded: " << (maxMessageLength / 1024) << " KB";
 
 		BOOST_THROW_EXCEPTION(std::invalid_argument(errorMessage.str()));
 	}
diff --git a/lib/remote/apilistener.cpp b/lib/remote/apilistener.cpp
index 107c142b7..65adce3be 100644
--- a/lib/remote/apilistener.cpp
+++ b/lib/remote/apilistener.cpp
@@ -546,8 +546,12 @@ void ApiListener::NewClientHandlerInternal(const Socket::Ptr& client, const Stri
 			endpoint->AddClient(aclient);
 
 			m_SyncQueue.Enqueue(boost::bind(&ApiListener::SyncClient, this, aclient, endpoint, needSync));
-		} else
-			AddAnonymousClient(aclient);
+		} else {
+			if (!AddAnonymousClient(aclient)) {
+				Log(LogNotice, "ApiListener", "Ignoring anonymous JSON-RPC connection. Max connections exceeded.");
+				aclient->Disconnect();
+			}
+		}
 	} else {
 		Log(LogNotice, "ApiListener", "New HTTP client");
 
@@ -1358,10 +1362,14 @@ double ApiListener::CalculateZoneLag(const Endpoint::Ptr& endpoint)
 	return 0;
 }
 
-void ApiListener::AddAnonymousClient(const JsonRpcConnection::Ptr& aclient)
+bool ApiListener::AddAnonymousClient(const JsonRpcConnection::Ptr& aclient)
 {
 	boost::mutex::scoped_lock lock(m_AnonymousClientsLock);
+	if (m_AnonymousClients.size() > 25)
+		return false;
+
 	m_AnonymousClients.insert(aclient);
+	return true;
 }
 
 void ApiListener::RemoveAnonymousClient(const JsonRpcConnection::Ptr& aclient)
diff --git a/lib/remote/apilistener.hpp b/lib/remote/apilistener.hpp
index 1ce70316c..da492517c 100644
--- a/lib/remote/apilistener.hpp
+++ b/lib/remote/apilistener.hpp
@@ -79,7 +79,7 @@ public:
 	static void StatsFunc(const Dictionary::Ptr& status, const Array::Ptr& perfdata);
 	std::pair<Dictionary::Ptr, Dictionary::Ptr> GetStatus(void);
 
-	void AddAnonymousClient(const JsonRpcConnection::Ptr& aclient);
+	bool AddAnonymousClient(const JsonRpcConnection::Ptr& aclient);
 	void RemoveAnonymousClient(const JsonRpcConnection::Ptr& aclient);
 	std::set<JsonRpcConnection::Ptr> GetAnonymousClients(void) const;