Reference Manual: https://sourceforge.net/apps/mediawiki/mod-security/index.php?title=Reference_Manual#SecRequestBodyLimit<http://sourceforge.net/apps/mediawiki/mod-security/index.php?title=Reference_Manual#SecRuleEngine> https://sourceforge.net/apps/mediawiki/mod-security/index.php?title=Reference_Manual#SecRequestBodyNoFilesLimit
Current setting: # Maximum request body size we will accept for buffering. If you support # file uploads then the value given on the first line has to be as large # as the largest file you are willing to accept. The second value refers # to the size of data, with files excluded. You want to keep that value as # low as practical. # SecRequestBodyLimit 13107200 SecRequestBodyNoFilesLimit 131072 Rationale: These two settings are highly dependent upon the local application's purpose. The first directive – SecRequestBodyLimit – includes file attachments (multi-part Content-Type). This setting translates to 12.5MB. The second directive – SecRequestBodyNoFilesLimit – is for application/x-www-form-urlencoded request bodies passing ARGS. This setting is 128K. _______________________________________________ Owasp-modsecurity-core-rule-set mailing list [email protected] https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
