When uploading a file in PHP, the below error will appear in the Apache logs:
ModSecurity: Request body (Content-Length) is larger than
the configured limit (134217728).
WordPress will also receive the 403 response in the website logs:
POST /wp-admin/async-upload.php HTTP/1.1" 403
Another error that could appear is:
Request Entity Too Large
The requested resource does not allow request data with GET requests,
or the amount of data provided in the request exceeds the capacity limit.
Additionally, a 413 Request Entity Too Large error was encountered
while trying to use an ErrorDocument to handle the request.
cPanel installs Mod_Security via EasyApache by default to increase web security. Mod_security has a default setting to block large requests to prevent DoS attacks and other security risks.
More details: Mod_Security rules reference page for version 2.x
Description: Configures the maximum request body size ModSecurity will accept
Syntax: SecRequestBodyLimit LIMIT_IN_BYTES
Example Usage: SecRequestBodyLimit 134217728
Supported on libModSecurity: Yes
Default: 134217728 (131072 KB)
Anything over the limit will be rejected with status code 413
(Request Entity Too Large). There is a hard limit of 1 GB.
Increase the SecRequestBodyLimit in the configuration file.
Edit File: /etc/apache2/conf.d/modsec/modsec2.user.conf
Set SecRequestBodyLimit to a value higher than 134217728 for example:
Note: This file usually is empty by default. You will need to edit the existing value or add a new line to set the custom value.
Save the file, then restart Apache.
After restarting Apache, refresh the webpage and then try the upload once more.
If you need to adjust the PHP.ini upload settings, please review the related article below to assist with this task.