On Tue, Jun 7, 2011 at 11:43, Piotr Koper <piotr.koper@gmail.com> wrote:
Config:

    SecRuleEngine DetectionOnly
    SecRequestBodyAccess On
    SecRequestBodyLimit 10

Result with big POST:

proxy host:
[Tue Jun 07 10:40:51 2011] [error] [client a.b.c.d] ModSecurity: Request body (Content-Length) is larger than the configured limit (2048). [hostname "test"] [uri "/test"] [unique_id "Te3kEwoNzNMAACBtAX0AAAAA"]


Should be:
[Tue Jun 07 10:40:51 2011] [error] [client a.b.c.d] ModSecurity: Request body (Content-Length) is larger than the configured limit (10). [hostname "test"] [uri "/test"] [unique_id "Te3kEwoNzNMAACBtAX0AAAAA"]

 
the request is then passed to the mod_proxy_balancer and to the another host with but the application gets corrupted data - data is truncated to the SecRequestBodyLimit.

I've also tried setting "SecRuleEngine On" with "SecRequestBodyLimitAction ProcessPartial" but the result is the same - proxied POST data is corrupted.

Removing SecRuleEngine from the configuration couses proxying without any problems.


Please, help.