If you want to limit the size of POST
requests, then the best option is to do it at the level of webserver itself. There are tools for that. Since you most like are using Apache, then you could look into mod_security. Other webservers will have similar options.
When limiting the size of POST
request, one of the risk is the amount of memory that is used for the execution of page. If the data is already in the $_POST
then you are too late.
As for validation and sanitation it should be done either in domain objects, presentation entities or sql ... You validate the logic of input in domain objects. You walidate the structure of data in the SQL constraints. And you sanitize the output in the presentation entities (I don't link to call them "presentation models" because it adds to the confusing about MVC).
The routing mechanism in MVC (which is what "front controller is an aspect of) should just take the input from the user and organize it in a structured Request
instance. This intance then is used by controller's action to pass data on to model layer.
Routing should not be validating the input.