Get a ModSecurity error from WAF when saving a large wordpress file


#1

We are using Cloudflare WAF and firewall - do NOT have a firewall on server yet, NOR are we running modsecurity on the server (OVH dedicated server running Plesk 12.5 and Centos 7.x)

Using Thrive Themes and their WordPress web page builder Thrive Architect. We can edit and save pages with it, no issue.
But
we have a larger file to edit/save, we get a POST error from Modsecurity (which one would assume is associated with Cloudflare WAF):

POST /wp-admin/admin-ajax.php HTTP/1.0 https://appbuzzinga.com/wp-admin/post.php?post=25611&action=architect&tve=true
Error 162.158.126.88

[client 162.158.126.88] ModSecurity: Request body no files data length is larger than the configured limit (131072)… Deny with code (413) [hostname “appbuzzinga.com”] [uri “/wp-admin/admin-ajax.php”] [unique_id “W5gR7uhkyKbj0gy7BJZ7RgAAANE”], referer: https://appbuzzinga.com/wp-admin/post.php?post=25611&action=architect&tve=true

Not sure what to change where to fix this issue (am guessing the problem is the “…data length is larger than the configured limit (131072)…” part, but . . .

ANY help would be appreciated :slight_smile:

Linda (sid)


#2

What is the output of following command from ssh?

cat /etc/httpd/conf/modsecurity.d/rules/tortix/modsec/tortix_waf.conf | grep SecRequestBody


#3

this file /etc/httpd/conf/modsecurity.d/rules/tortix/modsec/tortix_waf.conf

does NOT exist. in fact, there are NO files or directories under “rules”

Because modsecurity was not installed in Plesk OR on the server.

In fact, this command:

find /etc -type f \( -iname "*.conf" \) -print0 | xargs -0 grep -Hi "SecRequestBodyNoFilesLimit"

searches EVERY config file, case insensitive, under /etc. NONE of them have SecRequestBodyNoFilesLimit

anywhere in any of the files. It just isn’t set. It would appear to just be a default, as is calling it a modsecurity error.

Sid


#4

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.