• If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
    CentOS2Alma discussion

Resolved modsecurity POST failure with 413 Request Entity too large?

raytracy

raytracy

Basic Pleskian
My modsecurity has blocked some normal POST and logged with:

--9673be0a-F--
HTTP/1.1 413 Request Entity Too Large
Content-Length: 373
Connection: close
Content-Type: text/html; charset=iso-8859-1

--9673be0a-H--
Message: Request body no files data length is larger than the configured limit (1048576).. Deny with
code (413)

Is there any way to increase the modsecurity POST limit from 1048576 to more?
 
Hi raytracy,

when switching on "Web Application Firewall ( ModSecurity )" with a pre-defined rule-set, you are still able to customize your own, unique rules, which can overwrite existent ones. Pls. follow for example The "Atomic Wiki" at



Note:
The initial, default "SecRequestBodyLimit" setting is defined with a liberal 128 MB ( = 134217728 byte ) - limit.

The initial, default "SecRequestBodyNoFilesLimit" setting is defined with a liberal 1 MB ( = 1048576 byte ) - limit.
Actually, it is NOT recommended to raise this limit... it is rather documented by most server provider to REDUCE this limit to for example 131072 byte ( 128 KB ! ), due to the fact that this setting should be as low as possible/pratical.

For a unique ( not recommended !!! ) 512 MB - limit at "SecRequestBodyLimit" use:
Code: 
SecRequestBodyLimit 536870912

For a unique ( not recommended !!! ) 10 MB - limit at "SecRequestBodyNoFilesLimit" use:
Code: 
SecRequestBodyNoFilesLimit 10485760

Important note:
Be aware, that there is a HARD LIMIT of 1 GB for "SecRequestBodyLimit", which can't be overwritten!
Be aware, that there is a HARD LIMIT of 1 GB for "SecRequestBodyNoFilesLimit", which can't be overwritten!
Note as well, that IF you customize rules, you do this on your very own risk and without the support from Plesk, or the vendor support from the pre-defined rule-set provider!

Pls. consider as well to read the official documentation at => https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual for further informations!​
 
UFHH01 said:
Hi raytracy,

when switching on "Web Application Firewall ( ModSecurity )" with a pre-defined rule-set, you are still able to customize your own, unique rules, which can overwrite existent ones. Pls. follow for example The "Atomic Wiki" at



Note:
The initial, default "SecRequestBodyLimit" setting is defined with a liberal 128 MB ( = 134217728 byte ) - limit.

The initial, default "SecRequestBodyNoFilesLimit" setting is defined with a liberal 1 MB ( = 1048576 byte ) - limit.
Actually, it is NOT recommended to raise this limit... it is rather documented by most server provider to REDUCE this limit to for example 131072 byte ( 128 KB ! ), due to the fact that this setting should be as low as possible/pratical.

For a unique ( not recommended !!! ) 512 MB - limit at "SecRequestBodyLimit" use:
Code: 
SecRequestBodyLimit 536870912
For a unique ( not recommended !!! ) 10 MB - limit at "SecRequestBodyNoFilesLimit" use:
Code: 
SecRequestBodyNoFilesLimit 10485760

Important note:
Be aware, that there is a HARD LIMIT of 1 GB for "SecRequestBodyLimit", which can't be overwritten!
Be aware, that there is a HARD LIMIT of 1 GB for "SecRequestBodyNoFilesLimit", which can't be overwritten!
Note as well, that IF you customize rules, you do this on your very own risk and without the support from Plesk, or the vendor support from the pre-defined rule-set provider!

Pls. consider as well to read the official documentation at => https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual for further informations!​
Click to expand...

It is valuable info for me!! I will tune it carefully.

By the way, where is the correct config file that I should add these directives?
I have found some in /etc/httpd/conf/plesk.conf.d/server.conf:

<IfModule mod_security2.c>
SecRuleEngine On
SecRequestBodyAccess On
SecRequestBodyLimit 134217728
SecResponseBodyAccess On
SecResponseBodyLimit 524288
SecAuditEngine RelevantOnly
SecAuditLog "/var/log/modsec_audit.log"
SecAuditLogType serial
SecRuleRemoveById "340149,340162,350147,340159"
Include "/etc/httpd/conf/plesk.conf.d/modsecurity.conf"
</IfModule>

But it looks like that will be modified by Plesk and wipe out my customization?
 
raytracy said:
But it looks like that will be modified by Plesk and wipe out my customization?
Click to expand...
... correct... that's why I linked to the wiki - page, where is it very well described, how you setup YOUR OWN modifications. ;)

Quoted from the Wiki - page of Atomicorp:
Installing custom rules
Step 1) Create your custom rules directory:

mkdir /etc/httpd/modsecurity.custom.d
....
....
Click to expand...
 
You must log in or register to reply here.

Similar threads

C
Resolved Plesk Obsidian Version 18.0.56 Update #4 on Ubuntu 22.04.3 LTS ModSecurity upload error on WordPress
Replies
1
Views
654
copec
C
A
Issue 413 Request Entity Too Large after changing client_max_body_size
Replies
2
Views
2K
Anbosuki
A
LionKing
Resolved Max post size for Apache web server?
Replies
14
Views
4K
LionKing
LionKing
D
Resolved Can't see original apache response using curl -lv mydomain.com:7080
Replies
3
Views
914
Nik G
N
P
Issue html head title 413 request entity too large /title /head body Laravel Website
Replies
3
Views
2K
psclip
P
Back
Top