[Mod-security-developers] Apache2: SecRequestBodyLimitAction ProcessPartial corrupts POST data in proxy configuration

[Piotr K. <pio...@gm...>]

Config:

    SecRuleEngine DetectionOnly
    SecRequestBodyAccess On
    SecRequestBodyLimit 10

Result with big POST:

proxy host:
[Tue Jun 07 10:40:51 2011] [error] [client a.b.c.d] ModSecurity: Request
body (Content-Length) is larger than the configured limit (2048). [hostname
"test"] [uri "/test"] [unique_id "Te3kEwoNzNMAACBtAX0AAAAA"]

the request is then passed to the mod_proxy_balancer and to the another host
with but the application gets corrupted data - data is truncated to the
SecRequestBodyLimit.

I've also tried setting "SecRuleEngine On" with "SecRequestBodyLimitAction
ProcessPartial" but the result is the same - proxied POST data is corrupted.

Removing SecRuleEngine from the configuration couses proxying without any
problems.


I'd like to add that low SecRequestBodyLimit is essential for me.

Cheers,
Peter