diff --git a/NEWS b/NEWS
index ce6836d1..2256b338 100644
--- a/NEWS
+++ b/NEWS
@@ -28,6 +28,7 @@ NEWS
   * Fix bug with FastCGI request id overflow under high load; just use always id 1 as we don't use multiplexing. (thx jgray)
   * Add some dirlisting enhancements (fixes #1458)
   * Add option to enable TCP_DEFER_ACCEPT (fixes #1447)
+  * Limit amount of bytes read for one read-event (fixes #1070)
 
 - 1.4.22 - 2009-03-07
   * Fix wrong lua type for CACHE_MISS/CACHE_HIT in mod_cml (fixes #533)
diff --git a/src/connections.c b/src/connections.c
index b8dc49aa..799aadd6 100644
--- a/src/connections.c
+++ b/src/connections.c
@@ -192,7 +192,7 @@ static void dump_packet(const unsigned char *data, size_t len) {
 
 static int connection_handle_read_ssl(server *srv, connection *con) {
 #ifdef USE_OPENSSL
-	int r, ssl_err, len;
+	int r, ssl_err, len, count = 0;
 	buffer *b = NULL;
 
 	if (!con->conf.is_ssl) return -1;
@@ -221,10 +221,11 @@ static int connection_handle_read_ssl(server *srv, connection *con) {
 		       	/* we move the buffer to the chunk-queue, no need to free it */
 
 			chunkqueue_append_buffer_weak(con->read_queue, b);
+			count += len;
 			con->bytes_read += len;
 			b = NULL;
 		}
-	} while (len > 0);
+	} while (len > 0 && count < MAX_READ_LIMIT);
 
 
 	if (len < 0) {
@@ -334,6 +335,7 @@ static int connection_handle_read(server *srv, connection *con) {
 		b = chunkqueue_get_append_buffer(con->read_queue);
 		buffer_prepare_copy(b, 4 * 1024);
 	} else {
+		if (toread > MAX_READ_LIMIT) toread = MAX_READ_LIMIT;
 		b = chunkqueue_get_append_buffer(con->read_queue);
 		buffer_prepare_copy(b, toread + 1);
 	}
diff --git a/src/settings.h b/src/settings.h
index 349fc200..8d74c4aa 100644
--- a/src/settings.h
+++ b/src/settings.h
@@ -13,6 +13,7 @@
  * 64kB (no real reason, just a guess)
  */
 #define BUFFER_MAX_REUSE_SIZE  (4 * 1024)
+#define MAX_READ_LIMIT (4*1024*1024)
 
 /**
  * max size of the HTTP request header