How Can I Disable ModSecurity SecRequestBodyLimit

[Tiv]

I have a site that needs to have large file uploads (10GB), but I get an error "Request body (Content-Length) is larger than the configured limit (134217728)".
SecRequestBodyLimitAction has a hard upper limit of 1GB, and that's not enough for what my site needs, so changing it to a higher value isn't enough.
I tried to comment out SecRequestBodyLimit and restart Apache, but it didn't help.
I even searched in /etc/httpd and /etc/modsecurity.d/ for 134217728 and there is no file containing 134217728. According to this link, 134217728 is the default value for SecRequestBodyLimit, so if it can't find the SecRequestBodyLimit directive, it probably falls back to the default.
Is there a way to disable SecRequestBodyLimit altogether? I don't need any limit on uploads; my site is made for large uploads.

Attached is the contents of /etc/httpd/conf/extra/httpd-modsecurity.conf
Apache version: 2.4.58
PHP version: 8.1.24
OS: Alma 9

P.S. I'm not sure if DirectAdmin is the right place to post it, but I had servers with other panels and never encountered this issue, so I thought maybe this is some hidden DirectAdmin configuration, but maybe I'm wrong. Anyway, I'd really appreciate any guidance on this; this has been driving me crazy all day.

 

[Zhenyapan]

134217728 - its 128Mb so it can be declared as 128Mb in configs.
check post_max_size and upload_max_filesize also if you can't find where some limit set - you can try to redefine/overwrite it in main service confs.

 

[Tiv]

Thanks for the quick reply.
I ran this now `grep -Ri 128Mb /etc/httpd/` and nothing came back.
The error says that it's a modsecurity rule that blocked it and not PHP; however, PHP in memory_limit, upload_max_filesize, and post_max_size are all high enough.

 

[patrickkasie]

I am not too familiar with modsecurity, but I do know that php needs an ini file. You can increase your post_max_size and upload_max_filesize by changing this in the php.ini, located per user here:
/usr/local/directadmin/data/users/userhere/domains/domainnamehere.php.ini
Or for the master file:
/usr/local/php80/lib/php.ini
Replace php80 with your php version, like php82 or php74 for 8.2 and 7.4 respectively
Don't forget to restart your php service!

 

[Ohm J]

Upload big file size in one time is bad idea, I suggest develop new upload system with split chunk upload.

 

[Ohm J]

Ahh I forgot to answer the question.
maybe set SecRequestBodyLimit to 0; could bypass body limit check.

I'm not working with apache too much but if you out of choice, maybe just fully disable modsec for one request uri

#.htaccess

RewriteEngine On
RewriteRule ^path/your_file\.php$ - [E=MODSEC_ENABLE:Off]

 

[Tiv]

Thank you all for the advice.
@jamgames2, I'll disable SecRequestBodyAccess for the upload path.