HTTP Error: 413 Request Entity Too Large
Solution 1
I set SecRequestBodyAccess Off
for now and that solved all problems.
Solution 2
I ran into the same exact issue.
SecRequestBodyNoFilesLimit was the reason.
it was not used in my config at all, but it does have a default value, 1048576.
Once I found that this setting existed, I set it larger than my files and everything is working.
Here is the documentation https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual#wiki-SecRequestBodyNoFilesLimit
if you compare to the entry above SecRequestBodyLimit the documentation seems very convoluted. What I was able to boil it down to is this; If you're uploading an actual file attachment the prior setting will rule. If you are pasting the contents of a file into something like a form and the payload is in the PUT then SecRequestBodyNoFilesLimit rules.
Solution 3
You say this is a PHP service, so that means that php.ini is ever bit as much in play as httpd.conf.
There are a number of size limits defined in php.ini, including limits on the size of requests, so I'd start by verifying those limits are all big enough for your needs.
Related videos on Youtube
AdrianM
Hello, world! I enjoy using my experience to help others. That is why I am active at a number of other sites in the StackExchange network on topics that interest me. I'm something of a Swiss army knife both professionally and in private, able to juggle a wild variety of things at once. I've worked in every kind of business that uses software. I'm also very good with tools, both IT and mechanic. Whether you need software design or assembling some IKEA furniture, I'm your man for the job. I'm generally soft-spoken but driven by clear principles. I'm a twin, I've lived in five countries, I speak four languages fluently and two more embarrassingly. Also, being a father routinely develops my patience which is useful for moderating on StackExchange too. To learn more about me, see my Google+ profile.
Updated on September 18, 2022Comments
-
AdrianM over 1 year
What I have:
I have an iPhone app that sends HTTP POST requests (XML format) to a web service written in PHP. This is on a hosted virtual private server so I can edithttpd.conf
and other files on the server, and restart Apache.The problem:
The web service works perfectly as long as the request is not too large, but around 1MB is the limit. After that, the server responds with:<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>413 Request Entity Too Large</title> </head><body> <h1>Request Entity Too Large</h1> The requested resource<br />/<br /> does not allow request data with POST requests, or the amount of data provided in the request exceeds the capacity limit. </body></html>
The web service writes its own log file, and I can see that small messages are processed fine. Larger messages are not logged at all so I guess that something in Apache rejects them before they even reach the web service?
Things I've tried without success:
(I've restarted Apache after every change. These steps are incremental.)- hosting provider's web-based configuration panel: disable mod_security
- httpd.conf:
LimitXMLRequestBody 0
andLimitRequestBody 0
- httpd.conf:
LimitXMLRequestBody 100000000
andLimitRequestBody 100000000
- httpd.conf:
SecRequestBodyLimit 100000000
At this stage, Apache's
error.log
contains a message:
ModSecurity: Request body no files data length is larger than the configured limit (1048576)
The fact that there's an error statement by ModSecurity indicates that my step #1 didn't really take. Apache's
access.log
looks like this, with 3 successful small messages and 2 failed large messages:"POST / HTTP/1.1" 200 310 "-" "Audiopad/1.0 CFNetwork/548.0.4 Darwin/11.0.0" "POST / HTTP/1.1" 200 310 "-" "Audiopad/1.0 CFNetwork/548.0.4 Darwin/11.0.0" "POST / HTTP/1.1" 200 310 "-" "Audiopad/1.0 CFNetwork/548.0.4 Darwin/11.0.0" "POST / HTTP/1.1" 413 464 "-" "Audiopad/1.0 CFNetwork/548.0.4 Darwin/11.0.0" "POST / HTTP/1.1" 413 464 "-" "Audiopad/1.0 CFNetwork/548.0.4 Darwin/11.0.0"
Apache's
error.log
has this info about the large messages:[error] [client 194.24.138.43] ModSecurity: Request body no files data length is larger than the configured limit (1048576). [hostname "webservice-audiopad.golfbravo.net"] [uri "/"] [error] [client 194.24.138.43] ModSecurity: Request body no files data length is larger than the configured limit (1048576). [hostname "webservice-audiopad.golfbravo.net"] [uri "/"]
However, I don't see the value
1048576
anywhere inhttpd.conf
.What more can I try, to get the web service to receive large messages?
-
Ladadadada almost 12 yearsThe method of disabling
mod_security
may have been to set it toDetectionOnly
rather than removing the module. It doesn't say anything in that error message about denying the request and it would normally send a 403 if it were working properly.
-
AdrianM almost 12 yearsThanks, that's a good hint! I must find the php.ini (it won't be in the standard location because it's a virtual private server) and check for any limits. But the log indicates that ModSecurity is the problem?
-
Catfish almost 9 yearsWhere do i add this? In my httpd.conf file?
-
AdrianM almost 9 yearsSorry that's three year's ago and I don't run that services anymore. I can't help you...
-
xebeche over 7 years
SecRequestBodyAccess
is a basic setting of ModSecurity, usually found inmodsecurity.conf
e.g. at/etc/modsecurity/modsecurity.conf
.