diff --git a/src/Api/Controllers/CiphersController.cs b/src/Api/Controllers/CiphersController.cs
index 327c9d307d..a7c31f8f9b 100644
--- a/src/Api/Controllers/CiphersController.cs
+++ b/src/Api/Controllers/CiphersController.cs
@@ -622,6 +622,7 @@ namespace Bit.Api.Controllers
 }
 [HttpPost("{id}/attachment/{attachmentId}")]
+ [DisableRequestSizeLimit]
 [DisableFormValueModelBinding]
 public async Task PostFileForExistingAttachment(string id, string attachmentId)
 {
@@ -630,6 +631,11 @@ namespace Bit.Api.Controllers
 throw new BadRequestException("Invalid content.");
 }
+ if (!_globalSettings.SelfHosted)
+ {
+ throw new BadRequestException("Invalid endpoint for non self-hosted servers.");
+ }
+
 var userId = _userService.GetProperUserId(User).Value;
 var cipher = await _cipherRepository.GetByIdAsync(new Guid(id), userId);
 var attachments = cipher?.GetAttachments();
diff --git a/src/Api/Controllers/SendsController.cs b/src/Api/Controllers/SendsController.cs
index b77716680a..66022e9513 100644
--- a/src/Api/Controllers/SendsController.cs
+++ b/src/Api/Controllers/SendsController.cs
@@ -249,6 +249,7 @@ namespace Bit.Api.Controllers
 }
 [HttpPost("{id}/file/{fileId}")]
+ [DisableRequestSizeLimit]
 [DisableFormValueModelBinding]
 public async Task PostFileForExistingSend(string id, string fileId)
 {
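Review bot: `[DisableRequestSizeLimit]` on `PostFileForExistingAttachment` removes the server's request-body cap for this route entirely, so the only remaining bound on an upload is whatever the method body enforces, and that code is outside this hunk. If the handler does not stop reading once the attachment's expected size is exceeded, a client can keep streaming an arbitrarily large body and exhaust disk or memory on the instance. Prefer an explicit ceiling such as `[RequestSizeLimit(MaxUploadBytes)]` (placeholder constant name), or add a comment above the attribute naming where the size is checked. The same point applies to the `PostFileForExistingSend` hunk in SendsController.cs.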
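Review bot: The `_globalSettings.SelfHosted` guard sits after the content-type check, so on a hosted deployment the request is still inspected before the route is refused. Making the guard the first statement of `PostFileForExistingAttachment` would reject the endpoint before anything else is evaluated and keep the error message consistent for every caller. A one-line comment above the `if` stating why the route is limited to self-hosted servers would also help, since the reason is not visible in this diff. The method starts before this hunk and continues past it.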
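Review bot: `PostFileForExistingSend` receives the same `[DisableRequestSizeLimit]`, but this diff adds no self-hosted guard to it, unlike `PostFileForExistingAttachment` in CiphersController.cs. The method body lies outside the hunk, so an equivalent check may already exist there. If it does not, hosted deployments would accept uncapped request bodies on this route. Assuming the controller has access to the global settings, the same guard would close that gap: `if (!_globalSettings.SelfHosted) { throw new BadRequestException("Invalid endpoint for non self-hosted servers."); }`.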