Re: [mod-security-users] SecRequestBodyLimit > 2GB
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
Re: [mod-security-users] SecRequestBodyLimit > 2GB
|
From: Crawford, A. (IT) <And...@ni...> - 2007-11-29 17:24:19
|
Thanks Ivan! I tried disabling ModSecurity using the directives below, =
and while it did prevent the files from being written to disk (SecTmpDir =
and SecUploadDir), it did not remove the request body size restriction. =
I thought maybe the content length check might be happening outside of =
the other rule processing, but that was just a na=EFve guess on my part. =
If you believe the directives below should actually remove the size =
restriction, I'll keep digging into it!=20
<LocationMatch ^/workspaces/UploadServlet>
SecRuleEngine Off
</LocationMatch>
Thanks again,=20
Andrew Crawford=20
Global Brand IT; Nike, Inc.=20
Desk: (503) 532-2232=20
Cell: (503) 913-6570=20
-----Original Message-----
From: Ivan Ristic [mailto:iva...@gm...]=20
Sent: Thursday, November 29, 2007 1:08 AM
To: Crawford, Andrew (IT)
Cc: mod...@li...
Subject: Re: [mod-security-users] SecRequestBodyLimit > 2GB
Hi Andrew,
On Nov 27, 2007 6:58 PM, Crawford, Andrew (IT) =
<And...@ni...> wrote:
>
> Hello,
>
> I have Apache (reverse proxy) with ModSecurity fronting a digital =
asset
> management system. My users sometimes upload very large files into =
the
> system, so we increased the hard coded "SecRequestBodyLimit" from 1GB =
to
> [just under] 2GB by making a pretty simple change in the code. This =
has
> worked well, but now we're looking at handling video files within the
> application, and these will typically run well beyond 2GB.
>
> In the latest releases of mod_proxy_http and mod_jk, both modules =
converted
> the request body to 64bit unsigned data types to handle huge file =
transfers.
> Could this be done within mod_security as well?
I am sure it could, we just need to allocate some time to do it. In
the meantime,
have you consider disabling ModSecurity for the part of the application =
that
handles file uploads? I am guessing you are not inspecting content there =
anyway
as that would be too inefficient?
>
>
>
> Thanks,
>
> Andrew
>
>
> =
-------------------------------------------------------------------------=
> This SF.net email is sponsored by: Microsoft
> Defy all challenges. Microsoft(R) Visual Studio 2005.
> http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
> _______________________________________________
> mod-security-users mailing list
> mod...@li...
> https://lists.sourceforge.net/lists/listinfo/mod-security-users
>
>
--=20
Ivan Ristic
|
