Knowledge Base

Unable to upload file to the website: Request body no files data length is larger than the configured limit

 
almalinuxapacheapache configcentoscloudlinux

Should this article appears to be applicable, please, check this other one and confirm it works in such a scenario so it can be merged

Symptoms

  • Unable to upload a file to the website hosted in Plesk with the error:

    413 Request entity too large
    Request Entity Too Large
    The requested resource
    /upload-a-file/
    does not allow request data with POST requests, or the amount of data provided in the request exceeds the capacity limit.

  • ModSecurity Atomic ruleset is specified in Tools & Settings > Web Application Firewall (ModSecurity) > Settings
    or
    Imunify360 is installed in Extensions.

Cause

WAF_SECREQUESTBODYNOFILESLIMIT parameter value reached its limit. The following error can be found in /var/www/vhosts/example.com/logs/error_log file:

[:error] [pid 21701] [client 203.0.112.2] ModSecurity: Request body no files data length is larger than the configured limit (1048576).. Deny with code (413) [hostname "www.example.com"] [uri "/wp-admin/admin-ajax.php"] [unique_id "Wakfj-fvNMmcLKLp-n8PjQAAAAE"]

Resolution

If ModSecurity Atomic ruleset is specified in Web Application Firewall (ModSecurity) settings:

  1. Log into the server via SSH.

  2. Open /etc/asl/config file using the vi text editor.

  3. Increase the value for the WAF_SECREQUESTBODYNOFILESLIMIT directive, for example to the value as below (specified in Bytes):

    WAF_SECREQUESTBODYNOFILESLIMIT "10000000"

  4. Execute the command below to update the rulesets:

    # for i in daily weekly monthly; do /usr/local/psa/bin/sw-engine-pleskrun /usr/local/psa/admin/plib/DailyMaintainance/script.php -f UpdateModSecurityRuleSet –period “${i}”; done

This way the change will remain persistent after any updates/rulesets changes.

If Imunify360 is installed in Extensions and there is no /etc/asl/config file:

For Debian based systems (Ubuntu/Debian):

  1. Make sure that SecRequestBodyNoFilesLimit is not defined in apache config anywhere:

    # grep -r SecRequestBodyNoFilesLimit /etc/apache2/
    #

  2. If it is defined, increase this value. If not, define SecRequestBodyNoFilesLimit by creating limits.conf file:

    # printf “SecRequestBodyNoFilesLimit 10000000n” > /etc/apache2/modsecurity.d/limits.conf

  3. Reload the service:

    # service apache2 reload

For RHEL based systems (CentOS/CloudLinux/AlmaLinux):

  1. Make sure that SecRequestBodyNoFilesLimit is not defined in apache config anywhere:

    # grep -r SecRequestBodyNoFilesLimit /etc/httpd
    #

  2. If it is defined, increase this value. If not, define SecRequestBodyNoFilesLimit by creating limits.conf file:

    # printf “SecRequestBodyNoFilesLimit 10000000n” > /etc/httpd/conf/modsecurity.d/limits.conf

  3. Reload the service:

    # service httpd reload

Read the full article
Related Posts
Knowledge Base

Hosting Wiki

Industry
Partners

industry-partner_ALIBABA
industry-partner_GOOGLEPARTNER
industry-partner_MICROSOFT
industry-partner_REDHAT-r2
industry-partner_ALIBABA
industry-partner_AUTOMATTIC
industry-partner_AWS
industry-partner_DIGITALOCEAN
industry-partner_SCALEWAY

Follow us:

Facebook Twitter Linkedin Youtube Github

© 2023 Plesk International GmbH. All rights reserved. Plesk and the Plesk logo are trademarks of Plesk International GmbH.

Managed with love with Plesk WP Toolkit

Plesk uses LiveChat system (3rd party).

By proceeding below, I hereby agree to use LiveChat as an external third party technology. This may involve a transfer of my personal data (e.g. IP Address) to third parties in- or outside of Europe. For more information, please see our Privacy Policy.

Search
Generic filters
Exact matches only
Search in title
Search in content
Search in excerpt