Hello,
Im hosting for myself some things. One of it is PingVin-Share which is behind WAF on XG. I was trying to upload a file abut 10mb... But im getting an error.
So i went to console -> advanced shell logs are below:
[Sun May 14 20:00:11.856339 2023] [security2:error] [pid 28988:tid 140455144576768] [client 31.0.182.76:2339] [client 31.0.182.76] ModSecurity: Request body no files data length is larger than the configured limit (1048576).. Deny with code (413) [hostname "SOME_FQDN"] [uri "/api/shares/gwMzU0N/files"] [unique_id "ZGE9yij5BYAMKO88rwko5wAAAAI"], referer: https://FQDN/upload
[Sun May 14 20:00:10.955261 2023] timestamp="1684094410" srcip="31.0.182.76" localip="SOME_IP" user="-" method="POST" statuscode="413" reason="-" extra="-" exceptions="-" duration="901310" url="/api/shares/gwMzU0N/files" server="SOME_FQDN" referer="">">">https://FQDN/upload"
i was digging on forum and there is some solution but im a little bit confused to apply it, and this isnt even permanently solution... Its been about 3 years, and nothing has change to that problem ;)
I manage to make it work - i just made a path exception which exclude whole protection engines.. For my point for that case WAF is unusable, cuz there is no protection from OWASP etc.
community.sophos.com/.../413-request-entity-too-large
This thread was automatically locked due to age.
