Description
I've got something I was not expecting using v2.8.0.
I'm trying to use different settings globally and for a specific location:
SecRequestBodyAccess On
SecRequestBodyLimitAction ProcessPartial
SecRequestBodyLimit 1048576
SecStreamInBodyInspection On
<Location /bigupload/>
SecRequestBodyLimitAction Reject
SecRequestBodyLimit 10486784
SecStreamInBodyInspection Off
- Whenever I upload a file between 1048576 and 10486784 to this specific location, POST is accepted, but it give the following message:
Message: Request body (Content-Length) is larger than the configured limit (1048576).
-
If the file is > 10486784, it is rejected and I got two messages:
Message: Request body (Content-Length) is larger than the configured limit (1048576).
Message: Request body (Content-Length) is larger than the configured limit (10486784). Deny with status (413) -
I first thought this could be related to a previous fix:
498b9b2
Because when I use the following settings:
SecRequestBodyAccess On
SecRequestBodyLimitAction Reject
SecRequestBodyLimit 1048576
SecStreamInBodyInspection On
<Location /bigupload/>
SecRequestBodyLimitAction ProcessPartial
SecRequestBodyLimit 10486784
SecStreamInBodyInspection Off
Files > 1048576 are always rejected with 413 as above, but the message does not mention it:
Message: Request body (Content-Length) is larger than the configured limit (1048576).
REM: I've compiled and packaged 2.8.0 for CentOS 6.5 to fix this ProcessPartial issue in mod_security-2.7.3-3.el6.x86_64...
I'll be happy to help to test a patch if this is a real issue...
BTW: Thanks for this mod guys.