diff --git a/lib/ns/interfacemgr.c b/lib/ns/interfacemgr.c
index a70027a4cd..f52127cd8f 100644
--- a/lib/ns/interfacemgr.c
+++ b/lib/ns/interfacemgr.c
@@ -929,12 +929,9 @@ clearlistenon(ns_interfacemgr_t *mgr) {
 }
 
 static void
-replace_listener_tlsctx(ns_interfacemgr_t *mgr, ns_interface_t *ifp,
-			isc_tlsctx_t *newctx) {
+replace_listener_tlsctx(ns_interface_t *ifp, isc_tlsctx_t *newctx) {
 	char sabuf[ISC_SOCKADDR_FORMATSIZE];
-	REQUIRE(NS_INTERFACE_VALID(ifp));
 
-	LOCK(&mgr->lock);
 	isc_sockaddr_format(&ifp->addr, sabuf, sizeof(sabuf));
 	isc_log_write(IFMGR_COMMON_LOGARGS, ISC_LOG_INFO,
 		      "updating TLS context on %s", sabuf);
@@ -944,6 +941,41 @@ replace_listener_tlsctx(ns_interfacemgr_t *mgr, ns_interface_t *ifp,
 	} else if (ifp->http_secure_listensocket != NULL) {
 		isc_nmsocket_set_tlsctx(ifp->http_secure_listensocket, newctx);
 	}
+}
+
+static void
+update_http_settings(ns_interface_t *ifp, ns_listenelt_t *le) {
+	REQUIRE(le->is_http);
+
+	INSIST(ifp->http_quota != NULL);
+	isc_quota_max(ifp->http_quota, le->http_max_clients);
+}
+
+static void
+update_listener_configuration(ns_interfacemgr_t *mgr, ns_interface_t *ifp,
+			      ns_listenelt_t *le) {
+	REQUIRE(NS_INTERFACEMGR_VALID(mgr));
+	REQUIRE(NS_INTERFACE_VALID(ifp));
+	REQUIRE(le != NULL);
+
+	LOCK(&mgr->lock);
+	/*
+	 * We need to update the TLS contexts
+	 * inside the TLS/HTTPS listeners during
+	 * a reconfiguration because the
+	 * certificates could have been changed.
+	 */
+	if (le->sslctx != NULL) {
+		replace_listener_tlsctx(ifp, le->sslctx);
+	}
+
+	/*
+	 * Let's update HTTP listener settings
+	 * on reconfiguration.
+	 */
+	if (le->is_http) {
+		update_http_settings(ifp, le);
+	}
 	UNLOCK(&mgr->lock);
 }
 
@@ -1027,15 +1059,9 @@ do_scan(ns_interfacemgr_t *mgr, bool verbose, bool config) {
 						      sabuf, ifp->dscp);
 				}
 				if (LISTENING(ifp)) {
-					/*
-					 * We need to update the TLS contexts
-					 * inside the TLS/HTTPS listeners during
-					 * a reconfiguration because the
-					 * certificates could have been changed.
-					 */
-					if (config && le->sslctx != NULL) {
-						replace_listener_tlsctx(
-							mgr, ifp, le->sslctx);
+					if (config) {
+						update_listener_configuration(
+							mgr, ifp, le);
 					}
 					continue;
 				}
@@ -1192,17 +1218,10 @@ do_scan(ns_interfacemgr_t *mgr, bool verbose, bool config) {
 						      sabuf, ifp->dscp);
 				}
 				if (LISTENING(ifp)) {
-					/*
-					 * We need to update the TLS contexts
-					 * inside the TLS/HTTPS listeners during
-					 * a reconfiguration because the
-					 * certificates could have been changed.
-					 */
-					if (config && le->sslctx != NULL) {
-						replace_listener_tlsctx(
-							mgr, ifp, le->sslctx);
+					if (config) {
+						update_listener_configuration(
+							mgr, ifp, le);
 					}
-
 					continue;
 				}
 			}