Symptoms
When uploading a file in PHP, the below error will appear in the Apache logs:
ModSecurity: Request body (Content-Length) is larger than
the configured limit (134217728).
or
ModSecurity: Output filter: Content-Length (529160) over the limit (524288).
WordPress will also receive the 403 response in the website logs:
POST /wp-admin/async-upload.php HTTP/1.1" 403
Another error that could appear is:
Request Entity Too Large
The requested resource does not allow request data with GET requests,
or the amount of data provided in the request exceeds the capacity limit.
Additionally, a 413 Request Entity Too Large error was encountered
while trying to use an ErrorDocument to handle the request.
Description
cPanel installs Mod_Security via EasyApache by default to increase web security. Mod_security has a default setting to block large requests to prevent DoS attacks and other security risks.
More details: Mod_Security rules reference page for version 2.x
- SecRequestBodyLimit
Description: Configures the maximum request body size ModSecurity will accept
for buffering.
- SecResponseBodyLimit
Description: Configures the maximum response body size that will be
accepted for buffering.
Workaround
Increase the SecRequestBodyLimit and/or SecResponseBodyLimit in the configuration file.
Edit File: /etc/apache2/conf.d/modsec/modsec2.user.conf
Set SecRequestBodyLimit/SecResponseBodyLimit/SecRequestBodyNoFilesLimit to a value than the default limits for example:
Note: This file usually is empty by default. You will need to edit the existing value or add a new line to set the custom value.
SecRequestBodyLimit 546870912
SecResponseBodyLimit 5242880
SecRequestBodyNoFilesLimit 10485760
Save the file, then restart Apache.
/scripts/restartsrv_httpd
After restarting Apache, refresh the webpage and then try the upload once more.
If you need to adjust the PHP.ini upload settings, please review the related article below to assist with this task.