Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Apache error 500 on large file uploads (mod_security)

As far as I've tried, none of the usual solutions works for me. Well, my problem, I'm receiving an 500 Error every time I upload a "large file" (600 KB ~), with smaller images it works fine. So..., even with this (extreme) .htaccess file it keeps happening, and yes, .htaccess are active:

upload_max_filesize = 100M
post_max_size = 100M
memory_limit = 128M
max_input_time = 6000
max_execution_time = 6000

So, I take a look at the logs and find this (is only one line, just pasted it as easy to read with line jumps):

[Mon Jul 27 17:09:28.<port> 2015] [:error] [pid 21423] [client <ip>]    
ModSecurity: Access denied with code 44 (phase 2). 
Match of "eq 0" against "MULTIPART_UNMATCHED_BOUNDARY" required. 
[file "/etc/httpd/conf.d/mod_security.conf"] 
[line "35"] [id "<another id>"] 
[msg "Multipart parser detected a possible unmatched boundary."] 
[hostname "<my host>"] [uri "<my script>"] [unique_id "<id (useless I think)"]

But, now I not able to find how to edit the mod_security (it has the default config, and empty activated_rules) config in order (i think) to allow this "large" file uploads. I'm running PHP 5.3 in Apache 2.4/CentOS 7.

like image 340
Octal Avatar asked Jul 27 '15 17:07

Octal


People also ask

How to check if a file upload is malicious in Apache?

Giving the fact that Apache is the most used web server out there, one way to achieve such thing is by using the powerfull mod_security. Mod_Security has option, where you can tell it to scan certain uploaded files and decide if this is malicious or not. Here is a step-by-step manual on configuring simple file-upload parser with mod_security

What causes 500 Internal Server Error in Apache?

A PHP upgrade, Apache recompilation, permission or ownership changes, anything can trigger a 500 error in a website. The impact of the error can vary based on the cause that triggered it. Today, we’ll discuss the probable causes for ‘500 internal server error’ in Apache and how to resolve them. What causes ‘500 internal server error’ in Apache?

Why am I getting so many server errors in Apache?

A web server or PHP module that is not working fine – A corrupt php.ini file, a module that is no longer supported, etc. can also lead to 500 internal server errors in Apache. [ You don’t have to lose your sleep over server errors.

How to secure your Apache web server?

Giving the fact that Apache is the most used web server out there, one way to achieve such thing is by using the powerfull mod_security. Mod_Security has option, where you can tell it to scan certain uploaded files and decide if this is malicious or not.


2 Answers

The fact you have a ModSecurity alert means that you can't have empty activated_rules folder or you are including the rules in some other way.

There are known problems with ModSecurity for this error and it seems very susceptible to false positives.

The main advice when I rule is raising too many false positives is to just turn off that rule (I'm assuming it's rule 200003 that's firing but replace the id as appropriate):

SecRuleRemoveById 200003
like image 101
Barry Pollard Avatar answered Oct 12 '22 15:10

Barry Pollard


I got the same error:

ModSecurity: Access denied with code 44 (phase 2). Match of "eq 0" against "MULTIPART_UNMATCHED_BOUNDARY" required. [file "/etc/httpd/conf.d/mod_security.conf"] [line "34"] [id "200003"] [msg "Multipart parser detected a possible unmatched boundary."] 

But @nilpo answer was correct I got this issue due to the image name and after changing the name issue solved.

But it's not something I want because I know the solution but my customer did't know that they have to change the name.

like image 39
naveen joshi Avatar answered Oct 12 '22 15:10

naveen joshi