I came too late to write anything relevant that @Sob and @pe1chl haven’t already written.
If I had to address the same issue, I’d follow @inteq’s recommendation to limit bandwith. Limiting download size is tricky because you can actually only limit the amount of data transferred within a single TCP (or maybe even QUIC) session, but well-written applications reuse each TCP session for several transfers to avoid ephemeral port exhaustion which is caused by the 2’30" guard time after closing a session before the same socket can be used for a new TCP session to the same destination, and the browsers often annoy the user if they get an unexpected TCP reset.