Should this article appears to be applicable, please, check this other one and confirm it works in such a scenario so it can be merged
Symptoms
-
Unable to upload a file to the website hosted in Plesk with the error:
413 Request entity too large
Request Entity Too Large
The requested resource
/upload-a-file/
does not allow request data with POST requests, or the amount of data provided in the request exceeds the capacity limit. -
ModSecurity Atomic ruleset is specified in Tools & Settings > Web Application Firewall (ModSecurity) > Settings
or
Imunify360 is installed in Extensions.
Cause
WAF_SECREQUESTBODYNOFILESLIMIT
parameter value reached its limit. The following error can be found in /var/www/vhosts/example.com/logs/error_log
file:
[:error] [pid 21701] [client 203.0.112.2] ModSecurity: Request body no files data length is larger than the configured limit (1048576).. Deny with code (413) [hostname "www.example.com"] [uri "/wp-admin/admin-ajax.php"] [unique_id "Wakfj-fvNMmcLKLp-n8PjQAAAAE"]
Resolution
If ModSecurity Atomic ruleset is specified in Web Application Firewall (ModSecurity) settings:
-
Log into the server via SSH.
-
Open
/etc/asl/config
file using the vi text editor. -
Increase the value for the
WAF_SECREQUESTBODYNOFILESLIMIT
directive, for example to the value as below (specified in Bytes):WAF_SECREQUESTBODYNOFILESLIMIT "10000000"
-
Execute the command below to update the rulesets:
# for i in daily weekly monthly; do /usr/local/psa/bin/sw-engine-pleskrun /usr/local/psa/admin/plib/DailyMaintainance/script.php -f UpdateModSecurityRuleSet –period “${i}”; done
This way the change will remain persistent after any updates/rulesets changes.
If Imunify360 is installed in Extensions and there is no /etc/asl/config
file:
For Debian based systems (Ubuntu/Debian):
-
Make sure that SecRequestBodyNoFilesLimit is not defined in apache config anywhere:
# grep -r SecRequestBodyNoFilesLimit /etc/apache2/
# - If it is defined, increase this value. If not, define SecRequestBodyNoFilesLimit by creating limits.conf file:
# printf “SecRequestBodyNoFilesLimit 10000000n” > /etc/apache2/modsecurity.d/limits.conf
- Reload the service:
# service apache2 reload
For RHEL based systems (CentOS/CloudLinux/AlmaLinux):
- Make sure that SecRequestBodyNoFilesLimit is not defined in apache config anywhere:
# grep -r SecRequestBodyNoFilesLimit /etc/httpd
# - If it is defined, increase this value. If not, define SecRequestBodyNoFilesLimit by creating limits.conf file:
# printf “SecRequestBodyNoFilesLimit 10000000n” > /etc/httpd/conf/modsecurity.d/limits.conf
- Reload the service:
# service httpd reload