Php – HTTP Error: 413 Request Entity Too Large

apache-2.2httpd.confPHPvpsweb services

What I have:
I have an iPhone app that sends HTTP POST requests (XML format) to a web service written in PHP. This is on a hosted virtual private server so I can edit httpd.conf and other files on the server, and restart Apache.

The problem:
The web service works perfectly as long as the request is not too large, but around 1MB is the limit. After that, the server responds with:

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>413 Request Entity Too Large</title>
</head><body>
<h1>Request Entity Too Large</h1>
The requested resource<br />/<br />
does not allow request data with POST requests, or the amount of data
provided in the request exceeds the capacity limit.
</body></html>

The web service writes its own log file, and I can see that small messages are processed fine. Larger messages are not logged at all so I guess that something in Apache rejects them before they even reach the web service?

Things I've tried without success:
(I've restarted Apache after every change. These steps are incremental.)

  1. hosting provider's web-based configuration panel: disable mod_security
  2. httpd.conf: LimitXMLRequestBody 0 and LimitRequestBody 0
  3. httpd.conf: LimitXMLRequestBody 100000000 and LimitRequestBody 100000000
  4. httpd.conf: SecRequestBodyLimit 100000000

At this stage, Apache's error.log contains a message:
ModSecurity: Request body no files data length is larger than the configured limit (1048576)

The fact that there's an error statement by ModSecurity indicates that my step #1 didn't really take. Apache's access.log looks like this, with 3 successful small messages and 2 failed large messages:

"POST / HTTP/1.1" 200 310 "-" "Audiopad/1.0 CFNetwork/548.0.4 Darwin/11.0.0"
"POST / HTTP/1.1" 200 310 "-" "Audiopad/1.0 CFNetwork/548.0.4 Darwin/11.0.0"
"POST / HTTP/1.1" 200 310 "-" "Audiopad/1.0 CFNetwork/548.0.4 Darwin/11.0.0"
"POST / HTTP/1.1" 413 464 "-" "Audiopad/1.0 CFNetwork/548.0.4 Darwin/11.0.0"
"POST / HTTP/1.1" 413 464 "-" "Audiopad/1.0 CFNetwork/548.0.4 Darwin/11.0.0"

Apache's error.log has this info about the large messages:

[error] [client 194.24.138.43] ModSecurity: Request body no files data length is larger than the configured limit (1048576). [hostname "webservice-audiopad.golfbravo.net"] [uri "/"]
[error] [client 194.24.138.43] ModSecurity: Request body no files data length is larger than the configured limit (1048576). [hostname "webservice-audiopad.golfbravo.net"] [uri "/"]

However, I don't see the value 1048576 anywhere in httpd.conf.

What more can I try, to get the web service to receive large messages?

Best Answer

I set SecRequestBodyAccess Off for now and that solved all problems.

Related Topic