Mod Security response/request body size?

user1529891 · Sep 18, 2012 · Viewed 11.5k times

How do I get the size of the response/request body in Mod Security?

I keep getting this error for example:

[Mon Sep 17 23:34:38 2012] [error] [client 192.168.1.1] ModSecurity: Output filter: Response body too large (over limit of 1000, total not specified). [hostname "example.com"] [uri "/index.php"] [unique_id "asdf"]

It's not telling me the total; how can I figure the total out?

Answer

Jon Lin · Sep 18, 2012

Take a look at the SecResponseBodyLimit docs:

SecResponseBodyLimit

Description: Configures the maximum response body size that will be accepted for buffering.

Syntax: SecResponseBodyLimit NUMBER_IN_BYTES

Example Usage: SecResponseBodyLimit 524228

Processing Phase: N/A

Scope: Any

Dependencies/Notes: Anything over this limit will be rejected with status code 500 Internal Server Error. This setting will not affect the responses with MIME types that are not marked for buffering. There is a hard limit of 1 GB.

By default this limit is configured to 512 KB:

# Buffer response bodies of up to 512 KB in length
SecResponseBodyLimit 524288

For some reason, you have it set to "1000" and /index.php's output is larger than 1000 bytes.
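
A configuration sketch for the question and answer above, added here as an example and not taken from the original post or the ModSecurity documentation: it restores the default response limit, changes what happens when the limit is exceeded, and logs the body sizes ModSecurity reports. It assumes ModSecurity 2.x under Apache; the rule ids are placeholders and the MIME type list is a constructed sample.

```apache
# Added example: assumes ModSecurity 2.x under Apache. Rule ids 1000001 and
# 1000002 are placeholders; use ids that are free in your rule set.

SecRuleEngine On
SecRequestBodyAccess On
SecResponseBodyAccess On

# Only responses with these MIME types are buffered, so only they count
# against SecResponseBodyLimit (constructed sample list).
SecResponseBodyMimeType text/plain text/html text/xml

# Setting implied by the error in the question: any buffered response over
# 1000 bytes is rejected with 500 Internal Server Error.
# SecResponseBodyLimit 1000

# Default from the answer: buffer response bodies of up to 512 KB.
SecResponseBodyLimit 524288

# When a response exceeds the limit, inspect the buffered part and pass the
# rest through instead of rejecting it. Trade-off: bytes past the limit are
# not inspected by response-body rules.
SecResponseBodyLimitAction ProcessPartial

# Phase 5 (logging): write the sizes ModSecurity saw to the error/audit log.
# RESPONSE_CONTENT_LENGTH is 0 when the length is not known.
SecRule RESPONSE_CONTENT_LENGTH "@gt 1000" \
    "id:1000001,phase:5,pass,log,msg:'Response body size %{RESPONSE_CONTENT_LENGTH} bytes'"

# REQUEST_BODY_LENGTH is the number of bytes read from the request body.
SecRule REQUEST_BODY_LENGTH "@gt 0" \
    "id:1000002,phase:5,pass,log,msg:'Request body size %{REQUEST_BODY_LENGTH} bytes'"
```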