[Mod-security-developers] [JIRA] Resolved: (MODSEC-329) Scope of SecRequestBodyNoFilesLimit does not look work under Location directive

[Breno S. P. (JIRA) <no...@mo...>]

     [ https://www.modsecurity.org/tracker/browse/MODSEC-329?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Breno Silva Pinto resolved MODSEC-329.
--------------------------------------

    Resolution: Fixed

> Scope of SecRequestBodyNoFilesLimit does not look work under Location directive
> -------------------------------------------------------------------------------
>
>                 Key: MODSEC-329
>                 URL: https://www.modsecurity.org/tracker/browse/MODSEC-329
>             Project: ModSecurity
>          Issue Type: Bug
>      Security Level: Normal
>          Components: Core
>    Affects Versions: 2.6.5
>         Environment: Any
>            Reporter: Benoit Donneaux
>            Assignee: Breno Silva Pinto
>             Fix For: 2.7.2
>
>
> Since we've discovered what might be called a design mistake, we would like to increase the request limit size for a specific location only.
> After a couple of trial, it looks like the SecRequestBodyNoFilesLimit directive under a specific Location is overwritten by the value in the Main scope !
> We've tried to keep the default in the main "mod_security.conf" :
> SecRequestBodyNoFilesLimit 131072
> And include a custom file with this :
> <Location /endpoint>
>         SecRequestBodyNoFilesLimit 13107200
> </Location>
> But requests keep failing.
> As soon We change to 13107200 in the main Scope, requests are going through !
> Is this an (un)expected behavior or are we doing things the wrong way ?

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira