urllib2.urlopenreturns an object similar to a file, and you can (at least theoretically) .read(N)limit the amount of data returned in N bytes from such an object.
This approach is not completely insane, because an actively hostile site can go quite a bit to trick a reasonably reliable one, like urlib2 by default; in this case, you will need to implement and install your own knife, which knows how to protect itself from such attacks (for example, at the same time receive no more than MB from an open socket, etc.).