ModSecurity: Request body (Content-Length) is larger than the configured limit

ModSecurity: Request body (Content-Length) is larger than the configured limit

While uploading large files, you may get the following error due to mod_security.

ModSecurity: Request body (Content-Length) is larger than the configured limit (134217728). Deny with status (413) [hostname “domain.com”] [uri “/folder/folder2/file.php”] [unique_id “T-VoPZ7-KsUAABnOIf8AAAAC”]

To resolve the issue,

Modify your modsec2.conf and change the limit set for SecRequestBodyInMemoryLimit

# vi /etc/httpd/conf/modsec2.conf

search for SecRequestBodyInMemoryLimit

SecRequestBodyInMemoryLimit 531072

increase the value, save the file and restart the apache service.

Tagged , . Bookmark the permalink.

One Response to ModSecurity: Request body (Content-Length) is larger than the configured limit

  1. Jesin says:

    Doesn’t the “SecRequestBodyLimit” directive specify the size of the uploaded file?

    According to the docs of modsecurity on SecRequestBodyInMemoryLimit

    “Configures the maximum request body size that ModSecurity will store in memory.
    When a multipart/form-data request is being processed, once the in-memory limit is reached, the request body will start to be streamed into a temporary file on disk.”

Leave a Reply