File Uploads Cause 403 Errors

HappyFeat

• July 18, 2025 13:38

I've just put a new cPanel server into production and everything is good except that file uploads that are larger than a few kb cause a 403 error.

It's not a permissions problem because small files work.
It's not a .htaccess problem (because there is none)
php.ini is set to allow fileuploads up to 256Mb
I've disable ModSecurity
I've disabled CSF 

The mere existence of a decent sized file in the POST causes the 403 - even before I try to anything with it, so it seem to be something to do with Apache.

Has anyone ever encountered this before?

 

• 

  HappyFeat

  • July 18, 2025 14:00

  I think I've found the answer - apparently AWS Web Application Firewall blocks everything larger that 8kb by default ... now to become an expert at AWS Security Groups!

  8 KB is not enough: why WAFs can’t protect APIs - Security Boulevard

  0
• 

  quietFinn

  • July 18, 2025 14:16

  Do this in root command line (assuming you have root access):
  tail -f /etc/apache2/logs/error_log
  when trying to upload.

  Do you see any errors there?

   

  0
• 

  HappyFeat

  • July 18, 2025 14:24
  • Edited

  No, it wasn't even reaching the server, the 403 error was coming from the AWS WAF.

  I've set the "SizeRestrictions_BODY" rule to "Override:allow" and the uploads are fine now - just did a 50mb upload with no problems.

  Just another trap to be aware of when hosting a cPanel server at AWS

   

  0

Please sign in to leave a comment.