We've got a modsecurity WAF protecting a Docushare server, which uses POSTs for file uploads (ie not PUT)

Users need to upload DVDs to the site - which means 4Gig+ POSTs. I think they have to go through RAM before hitting disk? Apache has a "LimitRequestBody" variable which appears to have a hardwired limit of 2G - but also says it doesn't apply to proxy connections - so I don't know if that's even relevant.

Can someone confirm or deny such large POSTs are possible? I'm wondering if these POSTs can actually be buffered to disk as this WAF only has 4G RAM and I want to know if I have to get more RAM :-/


Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +1 408 481 8171
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1