Get a ModSecurity error from WAF when saving a large wordpress file

We are using Cloudflare WAF and firewall - do NOT have a firewall on server yet, NOR are we running modsecurity on the server (OVH dedicated server running Plesk 12.5 and Centos 7.x)

Using Thrive Themes and their WordPress web page builder Thrive Architect. We can edit and save pages with it, no issue.
we have a larger file to edit/save, we get a POST error from Modsecurity (which one would assume is associated with Cloudflare WAF):

_POST /wp-admin/admin-ajax.php HTTP/1.0

_[client] ModSecurity: Request body no files data length is larger than the configured limit (131072)… Deny with code (413) [hostname “”] [uri “/wp-admin/admin-ajax.php”] [unique_id “W5gR7uhkyKbj0gy7BJZ7RgAAANE”], referer:

Not sure what to change where to fix this issue (am guessing the problem is the “…data length is larger than the configured limit (131072)…” part, but . . .

ANY help would be appreciated :slight_smile:

Linda (sid)

What is the output of following command from ssh?

cat /etc/httpd/conf/modsecurity.d/rules/tortix/modsec/tortix_waf.conf | grep SecRequestBody

this file /etc/httpd/conf/modsecurity.d/rules/tortix/modsec/tortix_waf.conf

does NOT exist. in fact, there are NO files or directories under “rules”

Because modsecurity was not installed in Plesk OR on the server.

In fact, this command:

find /etc -type f \( -iname "*.conf" \) -print0 | xargs -0 grep -Hi "SecRequestBodyNoFilesLimit"

searches EVERY config file, case insensitive, under /etc. NONE of them have SecRequestBodyNoFilesLimit

anywhere in any of the files. It just isn’t set. It would appear to just be a default, as is calling it a modsecurity error.


1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.