Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 14 replies
  • Subscribers 1 subscriber
  • Views 12558 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

ownCloud - Upload Limit (Content-Length)

scorpionking
Hi,

I have an Apache web server in my internal network on which an ownCloud instance is running.
It is protected by WAF.
My setup is working fine so far (at least for smaller files).
If I try to upload a file >128MB from external to my ownCloud instance I get the following WAF log eintries: 
2013:05:08-11:21:35 vpn reverseproxy: [Wed May 08 11:21:35.555140 2013] [security2:error] [pid 9816:tid 3895282544] [client ] ModSecurity: Request body (Content-Length) is larger than the configured limit (134217728). [hostname ""] [uri "/owncloud/index.php/apps/files/ajax/upload.php"] [unique_id "AAA12345aaa"]

2013:05:08-11:21:35 vpn reverseproxy: srcip="" localip="" size="371" user="-" host="" method="POST" statuscode="413" reason="-" extra="-" time="337" url="/owncloud/index.php/apps/files/ajax/upload.php" server="" referer="https:///owncloud/index.php/apps/files" cookie="508d626f7872f=irc8vbpm7023pgefjk14de7f45; HASH_508d626f7872f=06299B8BCF8BA83A7213F19D9468964255EE8E01" set-cookie="-"


I switched off all checkboxes in the WAF Firewall Profile for this virtual host, but that didn't change anything.
Is there any possibility to set a higher Content-Length limit (e.g. via cc)?
I didn't find any places to tweak this setting in WebAdmin.

Note: This is not an ownCloud limit, as it works with a DNAT rule.


This thread was automatically locked due to age.
Parents
  • 0
    Hi,

    I guess you have to change that in the config files of the reverse proxy. Those changes do usually not survive an up2date and void the support contract (if you have one).

    Regards
    Manfred
  • 0 in reply to Hallowach2
    I guess you have to change that in the config files of the reverse proxy. Those changes do usually not survive an up2date and void the support contract (if you have one).

    Thanks for your answer. It's a home setup, so no support...
    I would love to do that but editing a config file probably won't even survive a reboot, so I need a reasonably persistent solution. That's why I mentioned cc.

    You can, in effect, create an exclusion for "" by using it as the source in the traffic selector in a DNAT - the DNAT will capture the packets before they can be seen by WAF.

    Thanks for the suggestion but with  I meant every IP outside my Home network (not a specific one), so that's not practicable...

    ----------
    Sophos user, admin and reseller.
    Private Setup:

    • XG: HPE DL20 Gen9 (Core i3-7300, 8GB RAM, 120GB SSD) | XG 18.0 (Home License) with: Web Protection, Site-to-Site-VPN (IPSec, RED-Tunnel), Remote Access (SSL, HTML5)
    • UTM: 2 vCPUs, 2GB RAM, 50GB vHDD, 2 vNICs on vServer (KVM) | UTM 9.7 (Home License) with: Email Protection, Webserver Protection, RED-Tunnel (server)
Reply
  • 0 in reply to Hallowach2
    I guess you have to change that in the config files of the reverse proxy. Those changes do usually not survive an up2date and void the support contract (if you have one).

    Thanks for your answer. It's a home setup, so no support...
    I would love to do that but editing a config file probably won't even survive a reboot, so I need a reasonably persistent solution. That's why I mentioned cc.

    You can, in effect, create an exclusion for "" by using it as the source in the traffic selector in a DNAT - the DNAT will capture the packets before they can be seen by WAF.

    Thanks for the suggestion but with  I meant every IP outside my Home network (not a specific one), so that's not practicable...

    ----------
    Sophos user, admin and reseller.
    Private Setup:

    • XG: HPE DL20 Gen9 (Core i3-7300, 8GB RAM, 120GB SSD) | XG 18.0 (Home License) with: Web Protection, Site-to-Site-VPN (IPSec, RED-Tunnel), Remote Access (SSL, HTML5)
    • UTM: 2 vCPUs, 2GB RAM, 50GB vHDD, 2 vNICs on vServer (KVM) | UTM 9.7 (Home License) with: Email Protection, Webserver Protection, RED-Tunnel (server)
Children
No Data
Unfiltered HTML