Re: [mod-security-users] 413 Request Entity Too Large for chunked encoded message
Brought to you by:
victorhora,
zimmerletw
From: Javier C. <jav...@gm...> - 2012-06-09 06:59:39
|
On 9 June 2012 04:44, Mandar Jog <man...@gm...> wrote: > I use mod security to log requset body amongst other things. > This affects my production systems to any help is much appreciated. > > > A particular type of request is a POST of xml data with chunked encoding. > mod_security is rejecting about 20% of these POSTs with a '413 Request > Entity Too Large' > > SecAuditEngine On > SecRuleEngine On > SecRequestBodyLimit 132217728 > SecRequestBodyNoFilesLimit 132217728 > SecRequestBodyInMemoryLimit 132217728 > > I have set these limits to be incredibly high. > even with these I continue to get the 413 errors. I can be asolutely > certain that the POST request is less that 132M like I have > configured. Hi Mandar, do you proxy your requests on a backend using SSL? If yes check the "SSLRenegBufferSize" directive which should be 128KB by default and would generate a 413 if exceeded. This assuming Apache's own limits, like LimitRequestBody and similar directives, are already ok. Hope this helps, regards, Javier > > --58fded3e-A-- > [09/Jun/2012:00:33:20 +0000] T9KZvwr-fhAAAGPsEZUAAACL 10.248.5.170 > 36263 10.255.126.16 80 > --58fded3e-B-- > POST /Y2ZhNjliMTM1YzVkY2MzOTZjMzZmMzg5ZDA1Yzg0N2E= HTTP/1.1 > host: abc.com > Cache-Control: no-cache > Content-type: text/xml > User-Agent: egauge/pusher > X-Forwarded-For: 65.220.109.5 > X-Forwarded-Port: 80 > X-Forwarded-Proto: http > transfer-encoding: chunked > Connection: keep-alive > > --58fded3e-F-- > HTTP/1.1 413 Request Entity Too Large > > --58fded3e-Z-- > > ------------------------------------------------------------------------------ > Live Security Virtual Conference > Exclusive live event will cover all the ways today's security and > threat landscape has changed and how IT managers can respond. Discussions > will include endpoint security, mobile security and the latest in malware > threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ > _______________________________________________ > mod-security-users mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-users > Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: > http://www.modsecurity.org/projects/commercial/rules/ > http://www.modsecurity.org/projects/commercial/support/ |