On Monday 26 October 2009 10:44:19 am Cristóbal Palmer wrote:
> Hello,
>
> I'm trying to up the default on this line:
>
> SecResponseBodyLimit 524288
>
> >From within a <Location "/some/path/"> directive in order to limit
>
> possible impact of the change, but it seems that when I do this the
> new value is ignored. How do I properly limit the scope of a change to
> this setting? Here's a (slightly redacted) version of the error I'm
> seeing:
>
> [Mon Oct 26 10:31:13 2009] [error] [client 172.16.167.48] ModSecurity:
> Output filter: Response body too large (over limit of 524288, total not
> specified). [hostname "example.com"] [uri "/wp-admin/wpmu-edit.php"]
> [unique_id "adpkLkPA-0QAABypFGAAAAAR"]
>
> And here is the directive that I have put in
> modsecurity_crs_60_localrules.conf:
>
> # deleting a user aparently has a huge response body. This is needed to
> make that work <LocationMatch "/wp-admin">
> SecResponseBodyLimit 924288
> </LocationMatch>
>
> Thanks,


Use the ctl action instead - http://www.modsecurity.org/documentation/modsecurity-apache/2.5.10/modsecurity2-apache-reference.html#N116EB


SecRule REQUEST_FILENAME "@beginsWith /wp-admin" "phase:1,t:none,nolog,pass,ctl:responseBodyLimit=924288"


You may also want to look at the SecResponseBodyLimitAction setting to set what you want Mod to do if the response body is too large (block, log, etc...) - http://www.modsecurity.org/documentation/modsecurity-apache/2.5.10/modsecurity2-apache-reference.html#N108B9


Cheers,
Ryan