How to limit size of uploaded file with LimitRequestBody and proxypass?

Question

I want to generate a "Request Entity Too Large" error when users upload very big files on my server. With mod-php, this is simply:

<FilesMatch "^(upload|replace)$">
 LimitRequestBody 3000000
</FilesMatch>

With php-fpm, I tried"

<LocationMatch "^/(upload|replace)$">
 LimitRequestBody 3000000
</LocationMatch>

But, it didn't work. Next, I tried setting a proxy environment variable in VirtualHost:

SetEnv proxy-sendchunked
ProxyPassMatch ^/([^\.]+)$ fcgi://127.0.0.1:9000${docroot}/$1

It didn't work too. Can anyone tell me how to achieve this? Thanks.

Answer 1

Following @rjewell's suggestion, you'll need to configure mod_security on your apache proxy. Add the following directives to your VirtualHost that should be protected:

# Enable request processing
SecRuleEngine On
# enable inspection of request bodies
SecRequestBodyAccess On
# set actual request size limit
SecRequestBodyLimit 3000000
# actually generate an HTTP error, instead of truncating
SecRequestBodyLimitAction Reject
# Avoid big request bodies that do not try to upload files
SecRequestBodyNoFilesLimit 1048576
# tune memory usage
SecRequestBodyInMemoryLimit 131072

You can read more on the directives in mod_security's reference.

Depending on your use-case, consider the following points:

• Allocate more or less memory per upload request by changing the InMemoryLimit
• Allow larger non-upload requests with the NoFilesLimit