To those asking why a larger buffer size might help with DOS attacks above, I think the point was that it could help the attacker. If you assign client_body_buffer_size to 1M, if a malicious agent opened up 10k simultaneous connections then 10GB of memory would be consumed, leading to possible memory starvation.