Unable to upload file to the website: Request body no files data length is larger than the configured limit

Yulia Plokhotnikova

Updated January 04, 2022 15:25

Plesk for Linux kb: technical ABT: Group B

Should this article appears to be applicable, please, check this other one and confirm it works in such a scenario so it can be merged

Applicable to:

Plesk for Linux

Symptoms

Unable to upload a file to the website hosted in Plesk with the error:

CONFIG_TEXT: 413 Request entity too large

CONFIG_TEXT: Request Entity Too Large
The requested resource
/upload-a-file/
does not allow request data with POST requests, or the amount of data provided in the request exceeds the capacity limit.
ModSecurity Atomic ruleset is specified in Tools & Settings > Web Application Firewall (ModSecurity) > Settings
or
Imunify360 is installed in Extensions.

Cause

WAF_SECREQUESTBODYNOFILESLIMIT parameter value reached its limit. The following error can be found in /var/www/vhosts/example.com/logs/error_log file:

CONFIG_TEXT: [:error] [pid 21701] [client 203.0.112.2] ModSecurity: Request body no files data length is larger than the configured limit (1048576).. Deny with code (413) [hostname "www.example.com"] [uri "/wp-admin/admin-ajax.php"] [unique_id "Wakfj-fvNMmcLKLp-n8PjQAAAAE"]

Resolution

If ModSecurity Atomic ruleset is specified in Web Application Firewall (ModSecurity) settings:

Log into the server via SSH.
Open /etc/asl/config file using the vi text editor.
Increase the value for the WAF_SECREQUESTBODYNOFILESLIMIT directive, for example to the value as below (specified in Bytes):

CONFIG_TEXT: WAF_SECREQUESTBODYNOFILESLIMIT "10000000"
Execute the command below to update the rulesets:

# for i in daily weekly monthly; do /usr/local/psa/bin/sw-engine-pleskrun /usr/local/psa/admin/plib/DailyMaintainance/script.php -f UpdateModSecurityRuleSet --period "${i}"; done

This way the change will remain persistent after any updates/rulesets changes.

If Imunify360 is installed in Extensions and there is no /etc/asl/config file:

For Debian based systems (Ubuntu/Debian):

Make sure that SecRequestBodyNoFilesLimit is not defined in apache config anywhere:

# grep -r SecRequestBodyNoFilesLimit /etc/apache2/
#
If it is defined, increase this value. If not, define SecRequestBodyNoFilesLimit by creating limits.conf file:
# printf "SecRequestBodyNoFilesLimit 10000000\n" > /etc/apache2/modsecurity.d/limits.conf
Reload the service:
# service apache2 reload

For RHEL based systems (CentOS/CloudLinux/AlmaLinux):

Make sure that SecRequestBodyNoFilesLimit is not defined in apache config anywhere:
# grep -r SecRequestBodyNoFilesLimit /etc/httpd
#
If it is defined, increase this value. If not, define SecRequestBodyNoFilesLimit by creating limits.conf file:
# printf "SecRequestBodyNoFilesLimit 10000000\n" > /etc/httpd/conf/modsecurity.d/limits.conf
Reload the service:
# service httpd reload

Comments

9 comments

Alejandro Betancor August 03, 2020 12:16

Hi,

In CentOS 7 with Obsidian, the changes are working when modifying the file /etc/httpd/conf/modsecurity.d/rules/tortix/modsec/tortix_waf.conf

The file /etc/httpd/conf.d/mod_security.conf is no existan.

Regards

0

Comment actions Permalink
Ivan Postnikov August 03, 2020 15:01

Hello Alejandro Betancor

I've checked this on my test server and agree with you.

I will pass this to the article author.

0

Comment actions Permalink
Shai Dayan October 03, 2020 19:22

how can that be done on ubuntu?

0

Comment actions Permalink
Anton Maslov October 09, 2020 17:11

Hello Shai, article updated and new instructions can be done on Ubuntu too.

0

Comment actions Permalink
sanjiv February 26, 2021 17:37

/asl/config I don't have asl file then how will I proceed ?

0

Comment actions Permalink
Yulia Plokhotnikova March 04, 2021 03:35
Hello @sanjiv,

It is not /asl/config file, but /etc/asl/config. If this file is missing, try this solution:
1. Log in to the server via SSH.
2. Set the following in the /etc/httpd/conf.d/modsec2.imunify.conf file with a vi text editor:
  
  SecResponseBodyLimit 546870912
  SecRequestBodyNoFilesLimit 10485760
  
  Note: it is specified in Bytes.
3. Restart Apache:
  
  # systemctl restart httpd
If it does not help, check /var/www/vhosts/example.com/logs/error_log for detailed error that appears when issue is reproduced and search at support.plesk.com/hc using this error for another article.
0

Comment actions Permalink
sanjiv March 06, 2021 22:50

There is no file with this name "modsec2.imunify.conf". Still I have an error 413 entity too large. Please suggest a working solution. I had already worked with each possible case to resolve the same.

0

Comment actions Permalink
Juan Pueyo March 12, 2021 20:00

Hi,

I customized it on the domain level: Websites & Domains > domain name > Apache & nginx Settings

<IfModule mod_security2.c>
SecRequestBodyLimit 546870912
</IfModule>

0

Comment actions Permalink
Aykut Ozkaya January 04, 2022 15:25

Hi All

I have the same problem. I have been managing this by increasing the limits in the /etc/httpd/conf.d/modsec2.imunify.conf file. However, every time IM360 updates the chnages are deleted. Is there a more permenant location for increased server upload limits ?

PS : regarding the /etc/httpd/conf/modsecurity.d/rules/tortix/modsec/tortix_waf.conf

I have this file in one of my production servers but not the other. They are configured almost identical- not sure why one has this file and the other has not

Lastly - would adding the /etc/httpd/conf/modsecurity.d/limits.conf file ( with higher limits) work? despite having the tortix_waf.conf?

any suggestion would be much appriciated

0

Comment actions Permalink