Thread: [mod-security-users] SecRequestBodyLimit > 2GB
Brought to you by:
victorhora,
zimmerletw
From: Crawford, A. (IT) <And...@ni...> - 2007-11-27 18:59:11
|
Hello,=20 =20 I have Apache (reverse proxy) with ModSecurity fronting a digital asset management system. My users sometimes upload very large files into the system, so we increased the hard coded "SecRequestBodyLimit" from 1GB to [just under] 2GB by making a pretty simple change in the code. This has worked well, but now we're looking at handling video files within the application, and these will typically run well beyond 2GB. =20 =20 In the latest releases of mod_proxy_http and mod_jk, both modules converted the request body to 64bit unsigned data types to handle huge file transfers. Could this be done within mod_security as well? =20 =20 Thanks,=20 Andrew =20 |
From: Ivan R. <iva...@gm...> - 2007-11-29 09:08:15
|
Hi Andrew, On Nov 27, 2007 6:58 PM, Crawford, Andrew (IT) <And...@ni...> wrote: > > Hello, > > I have Apache (reverse proxy) with ModSecurity fronting a digital asset > management system. My users sometimes upload very large files into the > system, so we increased the hard coded "SecRequestBodyLimit" from 1GB to > [just under] 2GB by making a pretty simple change in the code. This has > worked well, but now we're looking at handling video files within the > application, and these will typically run well beyond 2GB. > > In the latest releases of mod_proxy_http and mod_jk, both modules converted > the request body to 64bit unsigned data types to handle huge file transfers. > Could this be done within mod_security as well? I am sure it could, we just need to allocate some time to do it. In the meantime, have you consider disabling ModSecurity for the part of the application that handles file uploads? I am guessing you are not inspecting content there anyway as that would be too inefficient? > > > > Thanks, > > Andrew > > > ------------------------------------------------------------------------- > This SF.net email is sponsored by: Microsoft > Defy all challenges. Microsoft(R) Visual Studio 2005. > http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ > _______________________________________________ > mod-security-users mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-users > > -- Ivan Ristic |
From: Crawford, A. (IT) <And...@ni...> - 2007-11-29 17:24:19
|
Thanks Ivan! I tried disabling ModSecurity using the directives below, = and while it did prevent the files from being written to disk (SecTmpDir = and SecUploadDir), it did not remove the request body size restriction. = I thought maybe the content length check might be happening outside of = the other rule processing, but that was just a na=EFve guess on my part. = If you believe the directives below should actually remove the size = restriction, I'll keep digging into it!=20 <LocationMatch ^/workspaces/UploadServlet> SecRuleEngine Off </LocationMatch> Thanks again,=20 Andrew Crawford=20 Global Brand IT; Nike, Inc.=20 Desk: (503) 532-2232=20 Cell: (503) 913-6570=20 -----Original Message----- From: Ivan Ristic [mailto:iva...@gm...]=20 Sent: Thursday, November 29, 2007 1:08 AM To: Crawford, Andrew (IT) Cc: mod...@li... Subject: Re: [mod-security-users] SecRequestBodyLimit > 2GB Hi Andrew, On Nov 27, 2007 6:58 PM, Crawford, Andrew (IT) = <And...@ni...> wrote: > > Hello, > > I have Apache (reverse proxy) with ModSecurity fronting a digital = asset > management system. My users sometimes upload very large files into = the > system, so we increased the hard coded "SecRequestBodyLimit" from 1GB = to > [just under] 2GB by making a pretty simple change in the code. This = has > worked well, but now we're looking at handling video files within the > application, and these will typically run well beyond 2GB. > > In the latest releases of mod_proxy_http and mod_jk, both modules = converted > the request body to 64bit unsigned data types to handle huge file = transfers. > Could this be done within mod_security as well? I am sure it could, we just need to allocate some time to do it. In the meantime, have you consider disabling ModSecurity for the part of the application = that handles file uploads? I am guessing you are not inspecting content there = anyway as that would be too inefficient? > > > > Thanks, > > Andrew > > > = -------------------------------------------------------------------------= > This SF.net email is sponsored by: Microsoft > Defy all challenges. Microsoft(R) Visual Studio 2005. > http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ > _______________________________________________ > mod-security-users mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-users > > --=20 Ivan Ristic |