Request Entity Too Large

Question

I get this message,

Request Entity Too Large
The requested resource
/index.php
does not allow request data with POST requests, or the amount of data provide         


        

Answer 1

My server is Apache. It was mod_security module which was preventing post of large data approximately 171 KB. I did below configurations in mod_security.conf

SecRequestBodyNoFilesLimit 10486000
SecRequestBodyInMemoryLimit 10486000

Answer 2

I was struggling with this 413 - Request entity too large problem for last day or so, as I was trying to upload farely large (in MBs) images to the server.

My setup is apache (227) proxying requests to jboss eap (6.4.20) server for accessing rest endpoints.

2 Things worked for me.

1. Make SSLVerifyClient required at the virtual host level. This means all the resources need a valid client cert presented to be served. This was not an option for me as all the resources except /api should NOT be mutual auth protected. So, while it worked, this was not an option for me.

2. I removed the global level SSLVerifyClient required and kept it 'optional'. I re enabled required option only on <Location /api>...</Location>. Trick was to have the SSL renegotiation happen only after a certain threshold is reached - which would be our desired upload file size.

3. So, finally it turned out that I had to enable 'SSLRenegBufferSize' setting on a specific LocationMatch as follows:

   <LocationMatch ^/api/v1/path/(.*)/to/(.*)/resource/endpoint$>
SSLRenegBufferSize 5242880 #allow upto 5MB for files to come through </LocationMatch>

(.*) in the case above represents my path params in the endpoint. Hope this helps.

Answer 3

After you are over the raising of PHP's memory_limit, post_max_size and upload_max_filesize, I would like to recommend you some articles related to the topic, maybe one of them solves the problem.

I found this post on Server Fault:
https://serverfault.com/questions/79741/php-apache-post-limit/79745#79745

• sybreon suggests to double-check the Content-Length, and - citing - "ensure that you are directly connecting to Apache and not through either a proxy or a reverse-proxy. Some reverse-proxies place a cap on the maximum size of a request as a sort of security measure. So, you may want to check that as well as your Apache logs to ensure that nothing else is going on."

• sybreon also posted this link: Apache 413 error problems.
  The following is only applicable if you have mod_ssl module turned on in Apache. (Otherwise this setting can cause a server crash.)
  Citing the article:
  "I was using Apache SSL client certificates, which have a limit of 128K, and if re-negotiation has to happen, a larger POST will fail.
  This Bugzilla posting had the clues - You have to set the following as DEFAULTS for your SSL server, not just the directory.

  SSLVerifyClient require
  

  Otherwise it forces a renegotiation of some sort, and fails with a 413 error."

• The previous article also mentioned the LimitRequestBody directive.
  A guy says here that the appropriate setting of this directive solved his problem..

I hope one of these settings solves this problem!

Answer 4

The only thing that would work for me was to tune up the SSL Buffer Size. You can set this by...

<Directory /my/blah/blah>
...
  # Set this to something big...
  SSLRenegBufferSize 10486000
...
</Directory>

...and then just restart Apache for the change to take effect. (Found this at: http://forum.joomla.org/viewtopic.php?p=2085574)

You can also use "Location /" to simply apply the setting to a whole VirtualHost:

<VirtualHost *:443>
# ...
    <Location />
        SSLRenegBufferSize 101048600
    </Location>
# ...
</VirtualHost>

Answer 5

If max_post_upload and max_file_upload in PHP has been set, and there is a setting in Apache2.conf or ModSec config files of LimitRequestBody set high enough

then possibly a .htaccess file will work.

1. Go to the directory with the upload php file in it ( the file or page throwing the error.)

2 . Make or edit .htaccess

3 . Edit or create a line with LimitRequestBody 20971520 in it.

4. Save the .htaccess. Set permissions. ( 644 and apache owner)

5. Possibly restart apache.

Tada . Hopefully fixed.

This setting sets that limit for this folder only - which is one way to avoid a global setting in php and apache which makes you open to large packet / load DOS attacks.

LimitRequestBody 0 gives you unlimited uploads.