Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 14 replies
  • Subscribers 1 subscriber
  • Views 12498 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

ownCloud - Upload Limit (Content-Length)

scorpionking
Hi,

I have an Apache web server in my internal network on which an ownCloud instance is running.
It is protected by WAF.
My setup is working fine so far (at least for smaller files).
If I try to upload a file >128MB from external to my ownCloud instance I get the following WAF log eintries: 
2013:05:08-11:21:35 vpn reverseproxy: [Wed May 08 11:21:35.555140 2013] [security2:error] [pid 9816:tid 3895282544] [client ] ModSecurity: Request body (Content-Length) is larger than the configured limit (134217728). [hostname ""] [uri "/owncloud/index.php/apps/files/ajax/upload.php"] [unique_id "AAA12345aaa"]

2013:05:08-11:21:35 vpn reverseproxy: srcip="" localip="" size="371" user="-" host="" method="POST" statuscode="413" reason="-" extra="-" time="337" url="/owncloud/index.php/apps/files/ajax/upload.php" server="" referer="https:///owncloud/index.php/apps/files" cookie="508d626f7872f=irc8vbpm7023pgefjk14de7f45; HASH_508d626f7872f=06299B8BCF8BA83A7213F19D9468964255EE8E01" set-cookie="-"


I switched off all checkboxes in the WAF Firewall Profile for this virtual host, but that didn't change anything.
Is there any possibility to set a higher Content-Length limit (e.g. via cc)?
I didn't find any places to tweak this setting in WebAdmin.

Note: This is not an ownCloud limit, as it works with a DNAT rule.


This thread was automatically locked due to age.
  • 0 in reply to Simon++_01
    That is what I tried first. I triedit with 800 MB and it doesn't work.


    ...Ok, I was wrong. WebAdmin is working now. Everything is fine.
    Thanks for your help and the little workaround. [:)]
  • 0
    That is what I tried first. I triedit with 800 MB and it doesn't work.
  • 0
    Try 1073741823

    Any luck?

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0
    I have the same problem with owncloud.

    Now I added the same line
    SecRequestBodyLimit 1073741824

    to /var/storage/chroot-reverseproxy/usr/apache/conf/httpd.conf, restartet WAF and what I get is while booting my UTM:
    :: Starting WebAdmin ........ failed


    Is there a special place in the config file where I need to add the line?
  • 0 in reply to scorpionking
    Yep, seems to work. At least I don't get the error log entries from above.

    Note: There is a 1GB (1073741824 byte) hard limit in ModSecurity for "SecRequestBodyLimit" (see Configuration Directives), so 1GB is the maximum.

    I added the line 
    SecRequestBodyLimit 1073741824

    to /var/storage/chroot-reverseproxy/usr/apache/conf/httpd.conf, restartet WAF and could successfully upload a 700MB file to my ownCloud.

    ----------
    Sophos user, admin and reseller.
    Private Setup:

    • XG: HPE DL20 Gen9 (Core i3-7300, 8GB RAM, 120GB SSD) | XG 18.0 (Home License) with: Web Protection, Site-to-Site-VPN (IPSec, RED-Tunnel), Remote Access (SSL, HTML5)
    • UTM: 2 vCPUs, 2GB RAM, 50GB vHDD, 2 vNICs on vServer (KVM) | UTM 9.7 (Home License) with: Email Protection, Webserver Protection, RED-Tunnel (server)
  • 0 in reply to Hallowach2
    I haven't tried that yet. I will let you know, if I had the time to check...

    ----------
    Sophos user, admin and reseller.
    Private Setup:

    • XG: HPE DL20 Gen9 (Core i3-7300, 8GB RAM, 120GB SSD) | XG 18.0 (Home License) with: Web Protection, Site-to-Site-VPN (IPSec, RED-Tunnel), Remote Access (SSL, HTML5)
    • UTM: 2 vCPUs, 2GB RAM, 50GB vHDD, 2 vNICs on vServer (KVM) | UTM 9.7 (Home License) with: Email Protection, Webserver Protection, RED-Tunnel (server)
  • 0
    Did adding the setting to the conf file do the trick (as a workaround)?

    Regards
    Manfred
  • 0 in reply to BarryG
    Hi, you can post a Feature Request for this to be adjustable, at UTM (Formerly ASG) Feature Requests: Hot (1206 ideas)

    Done: Allow modification of "ModSecurity: Request body (Content-Length) limit"

    ----------
    Sophos user, admin and reseller.
    Private Setup:

    • XG: HPE DL20 Gen9 (Core i3-7300, 8GB RAM, 120GB SSD) | XG 18.0 (Home License) with: Web Protection, Site-to-Site-VPN (IPSec, RED-Tunnel), Remote Access (SSL, HTML5)
    • UTM: 2 vCPUs, 2GB RAM, 50GB vHDD, 2 vNICs on vServer (KVM) | UTM 9.7 (Home License) with: Email Protection, Webserver Protection, RED-Tunnel (server)
  • 0
    Hm - I don't see such a setting in CC.

    But since this is a home setup you my try to add the line
    SecRequestBodyLimit 500000000
    into
    /var/storage/chroot-reverseproxy/usr/apache/conf/httpd.conf, restart WAF and try again.

    This file survives reboots but not every up2date.

    Regards
    Manfred
  • 0 in reply to BarryG
    Hi, you can post a Feature Request for this to be adjustable, at UTM (Formerly ASG) Feature Requests: Hot (1206 ideas)
    I will do that...

    It's possible this is adjustable via 'cc', but I don't know the command/variable.
    That's what I hoped for. Perhaps someone else knows it?

    ----------
    Sophos user, admin and reseller.
    Private Setup:

    • XG: HPE DL20 Gen9 (Core i3-7300, 8GB RAM, 120GB SSD) | XG 18.0 (Home License) with: Web Protection, Site-to-Site-VPN (IPSec, RED-Tunnel), Remote Access (SSL, HTML5)
    • UTM: 2 vCPUs, 2GB RAM, 50GB vHDD, 2 vNICs on vServer (KVM) | UTM 9.7 (Home License) with: Email Protection, Webserver Protection, RED-Tunnel (server)
Unfiltered HTML