logo
Apache Lounge
Webmasters

 

About Forum Index Downloads Search Register Log in RSS X


Keep Server Online

If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.

or

Bitcoin

A donation makes a contribution towards the costs, the time and effort that's going in this site and building.

Thank You! Steffen

Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.
Post new topic   Forum Index -> Third-party Modules View previous topic :: View next topic
Reply to topic   Topic: mod-security, How to interrupt client request ?
Author
serg



Joined: 13 Jul 2007
Posts: 1

PostPosted: Fri 13 Jul '07 6:46    Post subject: mod-security, How to interrupt client request ? Reply with quote

I need to interrupt client request on phase 1, to be exact, when HTTP-header Content-length is greater than 100 Mb.

I found two methods how to do this:
1.
SecRule REQUEST_HEADERS:Content-Length "@ge 104857600" "phase:1,deny,redirect:http://server.com"

but this rule works only when whole body of request will be received by the server, it means that client has to wait for several seconds before he will see "http://server.com" page.

2.
SecRequestBodyLimit 104857600
ErrorDocument 413 http://server.com

but, unfortunately, if body is greater than 100 Mb, 413 status error isn't sent as it say in documentation but just connection breaks

Can anyone help me in this problem ?

I use Apache 2.0.59
Back to top


Reply to topic   Topic: mod-security, How to interrupt client request ? View previous topic :: View next topic
Post new topic   Forum Index -> Third-party Modules