diff --git a/include/haproxy/defaults.h b/include/haproxy/defaults.h
index 35317b7af..f19db2ceb 100644
--- a/include/haproxy/defaults.h
+++ b/include/haproxy/defaults.h
@@ -106,6 +106,11 @@
 #define LINESIZE	2048
 #endif
 
+// maximum size of a configuration file that could be loaded in memory via
+// /dev/sdtin. This is needed to prevent from loading extremely large files
+// via standard input.
+#define MAX_CFG_SIZE	10485760
+
 // max # args on a configuration line
 #define MAX_LINE_ARGS   64
 
diff --git a/src/cfgparse.c b/src/cfgparse.c
index 09b5b3a84..4296e47e8 100644
--- a/src/cfgparse.c
+++ b/src/cfgparse.c
@@ -1784,6 +1784,13 @@ ssize_t load_cfg_in_mem(char *filename, char **cfg_content)
 	*cfg_content = NULL;
 
 	while (1) {
+		if (!file_stat.st_size && ((read_bytes + bytes_to_read) > MAX_CFG_SIZE)) {
+			ha_alert("Loading %s: input is too large %ldMB, limited to %dMB. Exiting.\n",
+				 filename, (long)(read_bytes + bytes_to_read)/(1024*1024),
+				 MAX_CFG_SIZE/(1024*1024));
+			goto free_mem;
+		}
+
 		if (read_bytes + bytes_to_read > chunk_size) {
 			chunk_size = (read_bytes + bytes_to_read) * 2;
 			new_area  = realloc(*cfg_content, chunk_size);