diff --git a/socketserver/server/handlecore.go b/socketserver/server/handlecore.go
index f068e142..900a74d5 100644
--- a/socketserver/server/handlecore.go
+++ b/socketserver/server/handlecore.go
@@ -203,9 +203,19 @@ func HTTPHandleRootURL(w http.ResponseWriter, r *http.Request) {
 		if Statistics.SysMemFreeKB > 0 && Statistics.SysMemFreeKB < Configuration.MinMemoryKBytes {
 			atomic.AddUint64(&Statistics.LowMemDroppedConnections, 1)
 			w.WriteHeader(503)
+			fmt.Fprint(w, "error: low memory")
 			return
 		}
 
+		if Configuration.MaxClientCount != 0 {
+			curClients := atomic.LoadUint64(&Statistics.CurrentClientCount)
+			if curClients >= Configuration.MaxClientCount {
+				w.WriteHeader(503)
+				fmt.Fprint(w, "error: client limit reached")
+				return
+			}
+		}
+
 		conn, err := SocketUpgrader.Upgrade(w, r, nil)
 		if err != nil {
 			fmt.Fprintf(w, "error: %v", err)
diff --git a/socketserver/server/types.go b/socketserver/server/types.go
index d827912c..04614b2a 100644
--- a/socketserver/server/types.go
+++ b/socketserver/server/types.go
@@ -16,17 +16,24 @@ const NegativeOne = ^uint64(0)
 type ConfigFile struct {
 	// Numeric server id known to the backend
 	ServerID      int
+	// Address to bind the HTTP server to on startup.
 	ListenAddr    string
+	// Address to bind the TLS server to on startup.
 	SSLListenAddr string
 	// URL to the backend server
 	BackendURL string
 
 	// Minimum memory to accept a new connection
 	MinMemoryKBytes uint64
+	// Maximum # of clients that can be connected. 0 to disable.
+	MaxClientCount  uint64
 
 	// SSL/TLS
+	// Enable the use of SSL.
 	UseSSL             bool
+	// Path to certificate file.
 	SSLCertificateFile string
+	// Path to key file.
 	SSLKeyFile         string
 
 	UseESLogStashing bool
@@ -39,6 +46,7 @@ type ConfigFile struct {
 	OurPublicKey     []byte
 	BackendPublicKey []byte
 
+	// Request username validation from all new clients.
 	SendAuthToNewClients bool
 }