Keep Server Online
If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.
or
A donation makes a contribution towards the costs, the time and effort that's going in this site and building.
Thank You! Steffen
Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.
| |
|
 Topic: mod-security, How to interrupt client request ? |
|
| Author |
|
serg
Joined: 13 Jul 2007
Posts: 1
|
 Posted: Fri 13 Jul '07 6:46 Post subject: mod-security, How to interrupt client request ? |
 |
|
I need to interrupt client request on phase 1, to be exact, when HTTP-header Content-length is greater than 100 Mb.
I found two methods how to do this:
1.
SecRule REQUEST_HEADERS:Content-Length "@ge 104857600" "phase:1,deny,redirect:http://server.com"
but this rule works only when whole body of request will be received by the server, it means that client has to wait for several seconds before he will see "http://server.com" page.
2.
SecRequestBodyLimit 104857600
ErrorDocument 413 http://server.com
but, unfortunately, if body is greater than 100 Mb, 413 status error isn't sent as it say in documentation but just connection breaks
Can anyone help me in this problem ?
I use Apache 2.0.59 |
|
| Back to top |
|
|
|
|
|
|
