It depends on how you run your service. If you enable a http-gateway of your own, then yes it is a hard job to filter that content. But you have that same problem with regular http. If users run their own ipfs node, you don't store any content.

You should be able to estimate the size of a hash by getting the object and counting the amount of links in the object. Number of links times the max data size should give a (very) rough size indication. But close enough to distinguish between small and large files.