What is the impact of increasing the SecResponseBodyLimit from default value (512k) to (5M)

mod-security

I installed the mod_security version 2.5.13 with apache2 and I'm facing problem with SecResponseBodyLimit:
( ModSecurity: Output filter: Response body too large (over limit of 524288, total not specified))

and my question is:
what is the impact of increasing the SecResponseBodyLimit from default value (512k) to (5M) ?

Best Answer

It means that anything over that limit will be rejected with a 500-Internal Server Error code.

To change what it does when it hits that error the SecResponseBodyLimitAction directive affects that.

By default, ModSecurity will reject a response body that is longer than specified. Some web sites, however, will produce very long responses, making it difficult to come up with a reasonable limit.

Reject causes the 500 error, where ProcessPartial allows even long responses to be allowed, but only the first part of long responses will be processed against mod_security.

https://lists.owasp.org/pipermail/owasp-modsecurity-core-rule-set/2011-April/000694.html

Best Answer

Related Solutions

The difference between an Audit Log and a regular Log (In the context of mod_security)

Mod_security never tells what the problem is

Related Topic