Articles in this section

See more

Unable to upload file to website on Plesk: Request body no files data length is larger than the configured limit

Avatar
Alexander Tsmokalyuk
Updated
Follow
Plesk for Linux kb: technical ABT: Group B

Should this article appears to be applicable, please, check this other one and confirm it works in such a scenario so it can be merged

Applicable to:

  • Plesk for Linux

Symptoms

  • Unable to upload a file to a website hosted in Plesk:

    CONFIG_TEXT: 413 Request entity too large

    CONFIG_TEXT: Request Entity Too Large
    The requested resource
    /upload-a-file/
    does not allow request data with POST requests, or the amount of data provided in the request exceeds the capacity limit.

  • ModSecurity Atomic ruleset is specified in Tools & Settings > Web Application Firewall (ModSecurity) > Settings
    or
    Imunify360 is installed in Extensions.

  • Error in /var/www/vhosts/example.com/logs/error_log:

    CONFIG_TEXT: ModSecurity: Request body no files data length is larger than the configured limit (1048576).. Deny with code (413) [hostname "www.example.com"] [uri "/wp-admin/admin-ajax.php"] [unique_id "Wakfj-fvNMmcLKLp-n8PjQAAAAE"]

Cause

Modsecurity limit defined by WAF_SECREQUESTBODYNOFILESLIMIT parameter value is reached.

Resolution

If ModSecurity Atomic ruleset is specified in Web Application Firewall (ModSecurity) settings:

  1. Log into the server via SSH.

  2. Open /etc/asl/config file using the vi text editor.

  3. Increase the value for the WAF_SECREQUESTBODYNOFILESLIMIT directive, for example to the value as below (specified in Bytes):

    CONFIG_TEXT: WAF_SECREQUESTBODYNOFILESLIMIT "10000000"

  4. Execute the command below to update the rulesets:

    # for i in daily weekly monthly; do /usr/local/psa/bin/sw-engine-pleskrun /usr/local/psa/admin/plib/DailyMaintainance/script.php -f UpdateModSecurityRuleSet --period "${i}"; done

This way the change will remain persistent after any updates/rulesets changes.

If Imunify360 is installed in Extensions and there is no /etc/asl/config file:

For Debian based systems (Ubuntu/Debian):

  1. Check if SecRequestBodyNoFilesLimit is not defined in Apache configuration:

    # grep -r SecRequestBodyNoFilesLimit /etc/apache2/
    #

  2. If it is defined, increase this value. If not, define SecRequestBodyNoFilesLimit by creating limits.conf file:

    # printf "SecRequestBodyNoFilesLimit 10000000\n" > /etc/apache2/modsecurity.d/limits.conf

  3. Reload the service:

    # service apache2 reload

For RHEL-based systems (CentOS/CloudLinux/AlmaLinux):

  1. Check if SecRequestBodyNoFilesLimit is defined in Apache configuration:

    # grep -r SecRequestBodyNoFilesLimit /etc/httpd
    #

  2. If it is defined, increase its value. If not, define SecRequestBodyNoFilesLimit by creating limits.conf file:

    # printf "SecRequestBodyNoFilesLimit 10000000\n" > /etc/httpd/conf/modsecurity.d/limits.conf

  3. Reload the service:

    # service httpd reload

Comments

9 comments

Sort by Date Votes
  • Avatar
    Alejandro Betancor

    Hi,

    In CentOS 7 with Obsidian, the changes are working when modifying the file /etc/httpd/conf/modsecurity.d/rules/tortix/modsec/tortix_waf.conf

    The file /etc/httpd/conf.d/mod_security.conf is no existan.

     

    Regards

     

     

    0
    Comment actions Permalink
  • Avatar
    Ivan Postnikov

    Hello Alejandro Betancor

    I've checked this on my test server and agree with you.

    I will pass this to the article author.

    0
    Comment actions Permalink
  • Avatar
    Shai Dayan

    how can that be done on ubuntu?

    0
    Comment actions Permalink
  • Avatar
    Anton Maslov

    Hello Shai, article updated and new instructions can be done on Ubuntu too.

    0
    Comment actions Permalink
  • Avatar
    sanjiv

    /asl/config I don't have asl file then how will I proceed ?

    0
    Comment actions Permalink
  • Avatar
    Yulia Plokhotnikova

    Hello @sanjiv,

    It is not /asl/config file, but /etc/asl/config. If this file is missing, try this solution:

    1. Log in to the server via SSH.

    2. Set the following in the /etc/httpd/conf.d/modsec2.imunify.conf file with a vi text editor:

      SecResponseBodyLimit 546870912
      SecRequestBodyNoFilesLimit 10485760

      Note: it is specified in Bytes.

    3. Restart Apache:

       

      systemctl restart httpd

    If it does not help, check /var/www/vhosts/example.com/logs/error_log for detailed error that appears when issue is reproduced and search at support.plesk.com/hc using this error for another article.

    0
    Comment actions Permalink
  • Avatar
    sanjiv

    There is no file with this name "modsec2.imunify.conf". Still  I have an error 413 entity too large. Please suggest a working solution. I had  already worked with each possible case to resolve the same.

    0
    Comment actions Permalink
  • Avatar
    Juan Pueyo

    Hi,

    I customized it on the domain level:  Websites & Domains > domain name >  Apache & nginx Settings


    <IfModule mod_security2.c>
         SecRequestBodyLimit 546870912
    </IfModule>

    0
    Comment actions Permalink
  • Avatar
    Aykut Ozkaya

    Hi All

    I have the same problem. I have been managing this by increasing the limits in the /etc/httpd/conf.d/modsec2.imunify.conf file. However, every time IM360 updates the chnages are deleted. Is there a more permenant location for increased server upload limits ?

    PS : regarding the /etc/httpd/conf/modsecurity.d/rules/tortix/modsec/tortix_waf.conf

    I have this file in one of my production servers but not the other. They  are configured almost identical- not sure why one has this file and the other has not

    Lastly - would adding the  /etc/httpd/conf/modsecurity.d/limits.conf file ( with higher limits) work? despite having the tortix_waf.conf? 

    any suggestion would be much appriciated

    0
    Comment actions Permalink

Please sign in to leave a comment.

Have more questions? Submit a request

Related articles