Re: [mod-security-users] Request Body Size Issue
Brought to you by:
victorhora,
zimmerletw
From: Ryan B. <Ryan.Barnett@Breach.com> - 2008-07-25 21:22:40
|
This brings up and issue that often confuses people - the setting that is causing this is the SecRequestBodyLimit directive - http://www.modsecurity.org/documentation/modsecurity-apache/2.5.5/modsec urity2-apache-reference.html#N106FA This is NOT a rule but a config directive, which means that it can not be controlled by turning off the SecRuleEngine. Can either update the setting globally or you can dynamically increase it base on a URL location and use the "ctl" action (http://www.modsecurity.org/documentation/modsecurity-apache/2.5.5/modse curity2-apache-reference.html#N113B4) in a rule. Hope this helps. -- Ryan C. Barnett ModSecurity Community Manager Breach Security: Director of Application Security Web Application Security Consortium (WASC) Member CIS Apache Benchmark Project Lead SANS Instructor, GCIA, GCFA, GCIH, GSNA, GCUX, GSEC Author: Preventing Web Attacks with Apache ________________________________ From: mod...@li... [mailto:mod...@li...] On Behalf Of Crawford, Andrew (IT) Sent: Friday, July 25, 2008 5:10 PM To: mod...@li... Subject: [mod-security-users] Request Body Size Issue Hi all, I am trying to figure out how to bypass the 1GB file size limit imposed by ModSecurity, and so far without any luck. I upgraded to ModSecurity 2.5.5, and it's running in Apache 2.2.8. Both are working great - no problems aside from the size limit issue. I set the file size limit in ModSecurity to 50MB for testing, then I added the Apache directive below, hoping that ModSecurity would sort of "move out of the way" for specific upload URL's. I originally tried using "SecRequestBodyAccess Off", but then realized this probably wouldn't work, since it was likely looking at the "Content Length" header for incoming file size. <LocationMatch "/workspaces/UploadServlet"> SecRuleEngine Off </LocationMatch> When I upload a 58MB file, I get the ModSecurity message below. Does anyone know how to effectively turn ModSecurity off for huge file uploads (assuming they always happen on a known URL)? If ModSecurity is using a signed long for holding the content size, anything over 2GB might cause significant problems for the request, is that right? --00005aa3-A-- [25/Jul/2008:13:41:44 --0700] M6vg0JLFFc0AAC7jJDsAAAAH 10.194.193.170 3934 146.197.210.215 80 --00005aa3-B-- POST /workspaces/UploadServlet HTTP/1.1 Host: bnx-qa.nike.com Cookie: JSESSIONID=5ACD6DFC7F6B57907170DC0D5C155C42 User-Agent: Upload-Applet Accept: test/plain;q=0.8,*/*;q=0.5 Content-type: multipart/form-data; boundary=---------------------------aqw3gvr5ic1 Content-length: 60855160 --00005aa3-F-- HTTP/1.1 413 Request Entity Too Large Content-Length: 353 Connection: close Content-Type: text/html; charset=iso-8859-1 --00005aa3-H-- Message: Request body is larger than the configured limit (52428800). Stopwatch: 1217018504929488 6297 (- - -) Producer: ModSecurity for Apache/2.5.5 (http://www.modsecurity.org/). Server: Apache --00005aa3-Z-- Andrew Crawford | Global Brand IT | Nike, Inc. Desk: (503) 532-2232 Cell: (503) 913-6570 |