Unable to upload file to the website hosted in Plesk when Imunify is present on the server: Request body no files data length is larger than the configured limit

Symptoms

• Unable to upload a file to a website hosted in Plesk with the following error:

  CONFIG_TEXT: 413 Request entity too large

  CONFIG_TEXT: Request Entity Too Large
  The requested resource
  /upload-a-file/
  does not allow request data with POST requests, or the amount of data provided in the request exceeds the capacity limit.

• On uploading a big file via WordPress administrator interface, the following error is shown:

  Unexpected response from the server. The file may have been uploaded successfully. Check in the Media Library or reload the page

• The Web Application Firewall (ModSecurity) component is installed and active on the server
• The Imunify extension for Plesk (aka Imunify360) is installed and active on the server

• An error that is similar to the following can be found in the Apache error log /var/www/vhosts/example.com/logs/error_log:

  CONFIG_TEXT: ModSecurity: Request body no files data length is larger than the configured limit (1048576).. Deny with code (413) [hostname "example.com"] [uri "/Backoffice/index.php"] [unique_id "YCK6aBTMZUZFIMPlEoLhpAAAABk"]

  CONFIG_TEXT: 2023-01-22 13:40:52 Error 203.0.113.2 [client 203.0.113.2] ModSecurity: Request body (Content-Length) is larger than the configured limit (134217728). [hostname "example.com"] [uri "/wp-admin/async-upload.php"] [unique_id "ZbEVgLPF684lP2xTCxMAEwAAABg"], referer: https://example.com/wp-admin/media-new.php Apache error

Cause

The error is caused by the limit of the SecRequestBodyNoFilesLimit within the Imunify360 ruleset for ModSecurity being reached, which makes ModSecurity deny the upload action.

Resolution