Mod Security response/request body size?
How do I get the size of the response/request body in Mod Security?
I keep getting this error for example:
[Mon Sep 17 23:34:38 2012] [error] [client 192.168.1.1] ModSecurity: Output filter: Response body too large (over limit of 1000, total not specified). [hostname "example.com"] [uri "/index.php"] [unique_id "asdf"]
It's not telling me the total; how can I figure the total out?
Answer
Take a look at the SecResponseBodyLimit docs:
SecResponseBodyLimit
Description: Configures the maximum response body size that will be accepted for buffering.
Syntax: SecResponseBodyLimit NUMBER_IN_BYTES
Example Usage: SecResponseBodyLimit 524228
Processing Phase: N/A
Scope: Any
Dependencies/Notes: Anything over this limit will be rejected with status code 500 Internal Server Error. This setting will not affect the responses with MIME types that are not marked for buffering. There is a hard limit of 1 GB.
By default this limit is configured to 512 KB:
# Buffer response bodies of up to 512 KB in length
SecResponseBodyLimit 524288
For some reason, you have it set to "1000" and /index.php's output is larger than 1000 bytes.