ModSecurity File Upload Error With SecRequestBodyNoFilesLimit

• Remote Linux Server Administrator
• Server Management Service

This article covers ModSecurity File Upload Error With SecRequestBodyNoFilesLimit error which happens when the ModSecurity parameter SecRequestBodyNoFilesLimit has reached the limit.

When this issue occurs, you will be Unable to upload file to the website: Request body no files data length is larger than the configured limit.

This error can occur when WAF_SECREQUESTBODYNOFILESLIMIT parameter value reached its limit.

Symptoms of ModSecurity File Upload Error:

1. Unable to upload a file to the website hosted in Plesk with the error:

413 Request entity too large

Request Entity Too Large

The requested resource

/upload-a-file/

does not allow request data with POST requests, or the amount of data provided in the request exceeds the capacity limit.

2. ModSecurity component is installed on the server.

3. The following error can be found in /var/www/vhosts/example.com/logs/error_log file:

[:error] [pid 21701] [client 203.0.112.2] ModSecurity: Request body no files data length is larger than the configured limit (1048576).. 

Deny with code (413) [hostname "www.example.com"] [uri "/wp-admin/admin-ajax.php"] [unique_id "Wakfj-fvNMmcLKLp-n8PjQAAAAE"]

Steps to resolve ModSecurity File Upload Error:

1. Log into the server via SSH.

2. Open /etc/asl/config file using the vi text editor.

3. Increase the value for the WAF_SECREQUESTBODYNOFILESLIMIT directive, for example to the value as below:

WAF_SECREQUESTBODYNOFILESLIMIT "10000000"

Note: it is specified in Bytes.

4. Execute the command below to update the rulesets:

for i in daily weekly monthly; do /usr/local/psa/bin/sw-engine-pleskrun /usr/local/psa/admin/plib/DailyMaintainance/script.php -f UpdateModSecurityRuleSet --period "${i}"; done

This way the change will remain persistent after any updates/rulesets changes.

Explore:

• secrequestbodylimit modsecurity
• modsecurity detection mode
• modsecurity upload limit
• modsecurity monitoring
• modsecurity blocking mode
• MODSECURITY
• MODSECURITY ERROR

ModSecurity failed to open the audit log file error

• Remote Linux Server Administrator
• Server Management Service

This article will guide you on methods to resolve the error 'ModSecurity failed to open the audit log file' which occur as a result of a missing log files or due to improper permissions.

1. Setting ownership to www-data:www-data and file permissions from 600 to 660 will fix this problem.

2. Ensure that the permissions are properly configured on these files.

Execute the command below:

chmod 0644 /etc/apache2/logs/error_log

chmod 0600 /etc/apache2/logs/modsec_audit.log

The modsec log files are assigned 0600 permissions by default, whereas the error_log is assigned 0644 permissions by default.

3. mkdir permission denied signifies that the user you're running the mkdir as, doesn't have permissions to create new directory in the location you specified. 

You should use ls command on the higher level directory to confirm permissions.

4. The mkdir command by default gives rwx permissions for the current user only. To add read, write, and execute permission for all users, add the -m option with the user 777 when creating a directory.

Explore:

• MODSECURITY
• MODSECURITY ERROR
• laravel permissions
• laravel 7 folder permissions
• laravel give permission to public folder

Disable ModSecurity for a domain

• Remote Linux Server Administrator
• Server Management Service

This article will guide you on how to disable Mod_Security for a specific domain. Basically, ConfigServer #Modsecurity Control allows us to disable the #rules that are blocking access to a specific #domain.

1. Mod_security module helps to protect your website from various #attacks. 

2. ModSecurity is an open-source web-based firewall application (or #WAF) supported by different web servers: Apache, Nginx and IIS. The module is configured to protect web #applications from various attacks.

3. If mod-security is disabled on your account, your website will be at risk from vulnerabilities.

4. To disable modsecurity, all we need to do is remove/rename that file and restart apache. Remove the include line loading mod_security (or more likely mod_security2) from your Apache config.

Explore:

• modsecurity wordpress
• modsecurity cpanel
• modsecurity bypass
• modsecurity rules
• mod security disable
• modsecurity nginx
• this error was generated by modsecurity
• modsecurity error
• DISABLE MOD_SECURITY
• MOD_SECURITY

Install and Configure ModSecurity on Ubuntu

• Remote Linux Server Administrator
• Server Management Service

This article will guide you on the steps to perform #ModSecurity installation on #Ubuntu which involves enabling Core Rule Set to handle malicious activities.

Explore:

• unable to locate package libapache2 modsecurity
• install modsecurity
• enable modsecurity apache ubuntu
• install modsecurity ubuntu 18 04 nginx
• install modsecurity centos 7
• disable mod security apache ubuntu
• linode modsecurity
• modsecurity tutorial
• MODSECURITY
• MODSECURITY ERROR
• MUTAGEN ASTRONOMY UBUNTU
• UBUNTU
• UBUNTU BASH VULNERABILITY
• UBUNTU ERROR

How to fix ModSecurity Error Failed deleting collection

• Remote Linux Server Administrator
• ModSecurity

This article will show you exactly what we did to fix ModSecurity error: collections_remove_stale: Failed deleting collection.

Explore:

• Support
• ModSecurity error