diff --git a/services/web/server/docker/boot.sh b/services/web/server/docker/boot.sh
index 1fa26ebbda9..07e12ec2a54 100755
--- a/services/web/server/docker/boot.sh
+++ b/services/web/server/docker/boot.sh
@@ -58,7 +58,8 @@ echo "$INFO" "GUNICORN_CMD_ARGS: $GUNICORN_CMD_ARGS"
 if [ "${SC_BOOT_MODE}" = "debug" ]; then
   # NOTE: ptvsd is programmatically enabled inside of the service
   # this way we can have reload in place as well
-  exec python -Xfrozen_modules=off -m debugpy --listen 0.0.0.0:"${WEBSERVER_REMOTE_DEBUGGING_PORT}" -m gunicorn simcore_service_webserver.cli:app_factory \
+  exec python -Xfrozen_modules=off -m debugpy --listen 0.0.0.0:"${WEBSERVER_REMOTE_DEBUGGING_PORT}" -m \
+    gunicorn simcore_service_webserver.cli:create_app_runner \
     --log-level="${SERVER_LOG_LEVEL}" \
     --bind 0.0.0.0:8080 \
     --worker-class aiohttp.GunicornUVLoopWebWorker \
@@ -71,7 +72,7 @@ if [ "${SC_BOOT_MODE}" = "debug" ]; then
 
 else
 
-  exec gunicorn simcore_service_webserver.cli:app_factory \
+  exec gunicorn simcore_service_webserver.cli:create_app_runner \
     --log-level="${SERVER_LOG_LEVEL}" \
     --bind 0.0.0.0:8080 \
     --worker-class aiohttp.GunicornUVLoopWebWorker \
@@ -79,5 +80,8 @@ else
     --name="webserver_$(hostname)_$(date +'%Y-%m-%d_%T')_$$" \
     --access-logfile='-' \
     --access-logformat='%a %t "%r" %s %b [%Dus] "%{Referer}i" "%{User-Agent}i"' \
-    --worker-tmp-dir=/dev/shm
+    --worker-tmp-dir=/dev/shm \
+    --limit-request-line 4094 \
+    --limit-request-fields 100 \
+    --limit-request-field_size 8190
 fi
diff --git a/services/web/server/src/simcore_service_webserver/cli.py b/services/web/server/src/simcore_service_webserver/cli.py
index de59ad46ddf..8794c8effad 100644
--- a/services/web/server/src/simcore_service_webserver/cli.py
+++ b/services/web/server/src/simcore_service_webserver/cli.py
@@ -83,6 +83,22 @@ async def app_factory() -> web.Application:
     return app
 
 
+_ACCESS_LOG_FMT = '%a %t "%r" %s %b [%Dus] "%{Referer}i" "%{User-Agent}i"'
+
+
+async def create_app_runner() -> web.AppRunner:
+
+    app = await app_factory()
+
+    # Rejects requests that are oversized. Fixes https://github.com/ITISFoundation/osparc-simcore/issues/7979
+    return web.AppRunner(
+        app,
+        access_log_format=_ACCESS_LOG_FMT,
+        max_line_size=4094,  # request line & single header line cap
+        max_field_size=8190,  # per-header field cap
+    )
+
+
 # CLI -------------
 
 main = typer.Typer(name="simcore-service-webserver")