• Please be aware: Kaspersky Anti-Virus has been deprecated
    With the upgrade to Plesk Obsidian 18.0.64, "Kaspersky Anti-Virus for Servers" will be automatically removed from the servers it is installed on. We recommend that you migrate to Sophos Anti-Virus for Servers.
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Resolved modsecurity POST failure with 413 Request Entity too large?

raytracy

raytracy

Basic Pleskian
My modsecurity has blocked some normal POST and logged with:

--9673be0a-F--
HTTP/1.1 413 Request Entity Too Large
Content-Length: 373
Connection: close
Content-Type: text/html; charset=iso-8859-1

--9673be0a-H--
Message: Request body no files data length is larger than the configured limit (1048576).. Deny with
code (413)

Is there any way to increase the modsecurity POST limit from 1048576 to more?
 
Hi raytracy,

when switching on "Web Application Firewall ( ModSecurity )" with a pre-defined rule-set, you are still able to customize your own, unique rules, which can overwrite existent ones. Pls. follow for example The "Atomic Wiki" at



Note:
The initial, default "SecRequestBodyLimit" setting is defined with a liberal 128 MB ( = 134217728 byte ) - limit.

The initial, default "SecRequestBodyNoFilesLimit" setting is defined with a liberal 1 MB ( = 1048576 byte ) - limit.
Actually, it is NOT recommended to raise this limit... it is rather documented by most server provider to REDUCE this limit to for example 131072 byte ( 128 KB ! ), due to the fact that this setting should be as low as possible/pratical.

For a unique ( not recommended !!! ) 512 MB - limit at "SecRequestBodyLimit" use:
Code: 
SecRequestBodyLimit 536870912

For a unique ( not recommended !!! ) 10 MB - limit at "SecRequestBodyNoFilesLimit" use:
Code: 
SecRequestBodyNoFilesLimit 10485760

Important note:
Be aware, that there is a HARD LIMIT of 1 GB for "SecRequestBodyLimit", which can't be overwritten!
Be aware, that there is a HARD LIMIT of 1 GB for "SecRequestBodyNoFilesLimit", which can't be overwritten!
Note as well, that IF you customize rules, you do this on your very own risk and without the support from Plesk, or the vendor support from the pre-defined rule-set provider!

Pls. consider as well to read the official documentation at => https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual for further informations!​
 
UFHH01 said:
Hi raytracy,

when switching on "Web Application Firewall ( ModSecurity )" with a pre-defined rule-set, you are still able to customize your own, unique rules, which can overwrite existent ones. Pls. follow for example The "Atomic Wiki" at



Note:
The initial, default "SecRequestBodyLimit" setting is defined with a liberal 128 MB ( = 134217728 byte ) - limit.

The initial, default "SecRequestBodyNoFilesLimit" setting is defined with a liberal 1 MB ( = 1048576 byte ) - limit.
Actually, it is NOT recommended to raise this limit... it is rather documented by most server provider to REDUCE this limit to for example 131072 byte ( 128 KB ! ), due to the fact that this setting should be as low as possible/pratical.

For a unique ( not recommended !!! ) 512 MB - limit at "SecRequestBodyLimit" use:
Code: 
SecRequestBodyLimit 536870912
For a unique ( not recommended !!! ) 10 MB - limit at "SecRequestBodyNoFilesLimit" use:
Code: 
SecRequestBodyNoFilesLimit 10485760

Important note:
Be aware, that there is a HARD LIMIT of 1 GB for "SecRequestBodyLimit", which can't be overwritten!
Be aware, that there is a HARD LIMIT of 1 GB for "SecRequestBodyNoFilesLimit", which can't be overwritten!
Note as well, that IF you customize rules, you do this on your very own risk and without the support from Plesk, or the vendor support from the pre-defined rule-set provider!

Pls. consider as well to read the official documentation at => https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual for further informations!​
Click to expand...

It is valuable info for me!! I will tune it carefully.

By the way, where is the correct config file that I should add these directives?
I have found some in /etc/httpd/conf/plesk.conf.d/server.conf:

<IfModule mod_security2.c>
SecRuleEngine On
SecRequestBodyAccess On
SecRequestBodyLimit 134217728
SecResponseBodyAccess On
SecResponseBodyLimit 524288
SecAuditEngine RelevantOnly
SecAuditLog "/var/log/modsec_audit.log"
SecAuditLogType serial
SecRuleRemoveById "340149,340162,350147,340159"
Include "/etc/httpd/conf/plesk.conf.d/modsecurity.conf"
</IfModule>

But it looks like that will be modified by Plesk and wipe out my customization?
 
raytracy said:
But it looks like that will be modified by Plesk and wipe out my customization?
Click to expand...
... correct... that's why I linked to the wiki - page, where is it very well described, how you setup YOUR OWN modifications. ;)

Quoted from the Wiki - page of Atomicorp:
Installing custom rules
Step 1) Create your custom rules directory:

mkdir /etc/httpd/modsecurity.custom.d
....
....
Click to expand...
 
You must log in or register to reply here.

Similar threads

C
Resolved Plesk Obsidian Version 18.0.56 Update #4 on Ubuntu 22.04.3 LTS ModSecurity upload error on WordPress
Replies
1
Views
1K
copec
C
A
Issue 502 Gateway error with HTTP POST Requests but not GET requests
Replies
3
Views
961
Maarten
M
A
Issue 413 Request Entity Too Large after changing client_max_body_size
Replies
2
Views
3K
Anbosuki
A
LionKing
Resolved Max post size for Apache web server?
Replies
14
Views
7K
LionKing
LionKing
D
Resolved Can't see original apache response using curl -lv mydomain.com:7080
Replies
3
Views
1K
Nik G
N
Back
Top