|
From: Ivan R. <iv...@we...> - 2006-02-07 14:50:29
|
Servedio, Allen (Matrix) wrote: > Hi, > > I believe that I have a bug in my mod_security configuration. On a > LimitRequestBody error, we are not being redirected to the > /limiterror.html page we set up to respond to a 413. Instead, > mod_security appears to be intercepting it (I am not sure what I have > misconfigured that is causing this…). Turning mod_security off allows > the user to be redirected to /limiterror.html > > ... > > mod_security-message: Access denied with redirect to [/]. > ap_setup_client_block failed with 413 I think this is a case of ModSecurity being overly cautious. Its attempt to read the request body fails with return code 413 and ModSecurity simply does not want to take any chances. However, I don't like the fact it is breaking Apache functionality so I'll fix this in the next release. -- Ivan Ristic, Technical Director Thinking Stone, http://www.thinkingstone.com ModSecurity: Open source Web Application Firewall |
