Symptoms
Uploading content through a PHP script triggers a ModSecurity Error:
Request body (Content-Length) is larger than the configured limit
Description
The data passed as an upload is normally part of a POST request, which sends data to the server. The error indicates that the site accepting the upload has placed the data in the body of a request that is not a POST request, which triggers an error from ModSecurity as it goes over the configured threshold.
For best results, the site itself should be reviewed by a developer to ensure that uploads are made in POST requests. The instructions below can be used as a temporary workaround.
Workaround
You can change the SecRequestBodyLimit
setting within the ModSecurity configuration to raise the limit and allow the upload until the site can be reviewed by a developer:
- Access the server as root via an SSH connection, or open the Terminal emulator within WHM.
- Using a command-line text editor, open the following file for editing:
/etc/apache2/conf.d/modsec/modsec2.user.conf
- Add the following entry to the file. This is for a 10MB upload limit, but you can adjust the number value for the size that you require. There is a hard upper limit of 1GB:
SecRequestBodyLimit 10485760
- Save the file and exit the text editor
- Use the built-in cPanel script to restart Apache and apply the changes:
[root@server ~]# /scripts/restartsrv_httpd
Additional Resources
How to log into server using SSH?