
I have 8000 checkboxes in a form being submitted. No comments on how bad that is please.

My .htaccess

    php_value post_max_size 20M
    php_value max_input_vars 10000
    php_value suhosin.get.max_vars 10000
    php_value suhosin.post.max_vars 10000
    php_value suhosin.request.max_vars 10000

I am getting the Request Entity Too Large error when I submit the form.

When I had 3000 checkboxes it was working fine. Am I missing some more settings, or do I need to restart a service other than Apache?

Aside: I checked my post size using

    postsize = $("form").not("[type='file']").serialize().length;

The result is postsize == 165655

Phil
  • Have you tried increasing the input variables size to something like 20000? Maybe the 10000 limit is being surpassed by your 8000 checkboxes and some other form elements. – Swashata Ghosh Jul 06 '16 at 17:19
  • Just gave it a go and still the same error. But also, having too many checkboxes didn't give me that error when I had to increase max_inputs the first time... it just truncated the checkboxes with no error. – Phil Jul 06 '16 at 17:31
  • https://devdocs.io/apache_http_server/mod/core#limitrequestbody – hjpotter92 Jul 06 '16 at 17:38
  • @hjpotter92 I put `LimitRequestBody 0` in my `.htaccess` but it didn't do anything to solve the problem – Phil Jul 06 '16 at 18:33
  • @Phil Can you check the Apache server logs? If so, please paste the relevant line here. – hjpotter92 Jul 06 '16 at 19:02
  • @hjpotter92 There doesn't seem to be a relevant error in `var/log/apache2/error.log`. The last entry is from a couple of hours ago (restart), even though I hit the error page a lot very recently. – Phil Jul 06 '16 at 19:08
  • @hjpotter92 http://tny.im/51F – Phil Jul 06 '16 at 19:12
  • It might be because of `RequestReadTimeout` directive also. Though, the docs say that it'd lead to an error code 408 and not 413. – hjpotter92 Jul 06 '16 at 19:15
  • @hjpotter92 I discovered my logs were configured per site to go to a different file. Looks like ModSecurity data length needs to be raised. – Phil Jul 06 '16 at 20:11
  • See also http://stackoverflow.com/q/3718571/1741542 – Olaf Dietsche Jul 06 '16 at 20:20
  • @hjpotter92 Fixed it with `SecRequestBodyNoFilesLimit 5242880`. I credit you for getting me to look in the logs. Please post an answer for me to accept. – Phil Jul 06 '16 at 20:22
  • You should answer the question yourself. You can cite these comments for reference, but it was you who dug through the actual issue, and not me. – hjpotter92 Jul 06 '16 at 20:24

1 Answer


After looking in the right log files (see comments in OP), I discovered ModSecurity was denying the POST request, and googling helped me find this solution.

Increase the size allowance by adding the following to the site configuration, i.e. `etc/apache2/sites-available/[your_site.conf]`:

    <IfModule mod_security2.c>
        SecRequestBodyNoFilesLimit 5242880
    </IfModule>

I used an arbitrary large number, but you can use whatever number you feel comfortable with... you increase exposure/severity of DoS attacks along with the size.

Phil
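One way to size the limit from the form itself rather than picking a large number, as an added example that is not from the original post: it measures the urlencoded body as jQuery's `.serialize()` would and compares it with `max_input_vars` and `SecRequestBodyNoFilesLimit`. The `permission[<id>]` field names, the 25% headroom, the 4 KiB rounding and the 131072 starting limit (the value in ModSecurity's `modsecurity.conf-recommended`; the asker's configured value is not stated) are assumptions.

```javascript
// Added example (not from the original post). Sizes a urlencoded form body
// as jQuery's .serialize() would and compares it with the limits in play.

// Encode a name or value like .serialize(): percent-encoding, spaces as "+".
function formEncode(s) {
  return encodeURIComponent(s).replace(/%20/g, "+");
}

// fields: [name, value] pairs for the controls that get submitted.
// The encoded body is pure ASCII, so string length equals byte count.
function serializedLength(fields) {
  let bytes = Math.max(fields.length - 1, 0); // "&" separators
  for (const [name, value] of fields) {
    bytes += formEncode(name).length + 1 + formEncode(value).length; // name=value
  }
  return bytes;
}

// Assumption: 25% headroom, rounded up to a 4 KiB multiple.
function suggestLimit(bodyBytes, headroom = 0.25) {
  return Math.ceil(Math.ceil(bodyBytes * (1 + headroom)) / 4096) * 4096;
}

function checkForm(fields, limits) {
  const bodyBytes = serializedLength(fields);
  return {
    vars: fields.length,
    bodyBytes,
    overMaxInputVars: fields.length > limits.maxInputVars,
    overNoFilesLimit: bodyBytes > limits.secRequestBodyNoFilesLimit,
    suggestedNoFilesLimit: suggestLimit(bodyBytes),
  };
}

// Constructed sample: n checked boxes named "permission[<id>]", value "on".
function sampleFields(n) {
  return Array.from({ length: n }, (_, i) => [`permission[${i}]`, "on"]);
}

// maxInputVars is the question's setting; 131072 is an assumed starting limit.
const limits = { maxInputVars: 10000, secRequestBodyNoFilesLimit: 131072 };
for (const n of [3000, 8000]) {
  console.log(n, checkForm(sampleFields(n), limits));
}
console.log("page's measured 165655 bytes ->", suggestLimit(165655));
```

`.serialize()` only includes checked boxes, so measure the worst case with every box ticked before settling on a limit.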