How to Fix the Error – ModSecurity: Access denied with code 44 [Apache]

Question: I was trying to upload a PDF file of size 2MB in MediaWiki and hit with 500 internal server error and this error seems to occur whenever I upload a larger file. I quickly verified php.ini, which had the below values:

upload_max_filesize = 32M
post_max_size = 20M

and below is the snapshot of httpd error_log.

ModSecurity: Access denied with code 44 (phase 2). Match of "eq 0" against "MULTIPART_UNMATCHED_BOUNDARY" required.

I’m using Apache and MediaWiki version 1.23.

increase file upload limit

Solution:

The maximum file upload size and POST size can be controlled in two ways – via php.ini and mod_security extension.

Check whether the web server is enabled with mod_security extension as shown below:

# apachectl -M |grep security

You may also look for modsecurity.d folder under /etc/httpd and mod_security.conf file in /etc/httpd/conf.d/. (the Apache installation path might be different in your system).

Note: By default, mod_security is enabled in Apache and it loads few recommended configurations as well.

Open /etc/httpd/conf.d/mod_security.conf file and lookout for the below line:

SecRuleEngine On

You may turn Off SecRuleEngine (SecRuleEngine Off) or adjust the values of SecRequestBodyLimit and SecRequestBodyNoFilesLimit.

Warning: It’s not a good practice to disable mod_security, as it’s a web application firewall that prevents SQL Injection, cross site scripting attack, session hijacking, bad user agents and other malicious bots. Instead, adjust the below variables.

SecRequestBodyLimit 13107200          #12.5 MB
SecRequestBodyNoFilesLimit 131072  #128kb

Once done, you need to restart the Apache web server

# /etc/init.d/httpd restart

In case, if you are using a shared web hosting and does not have administrator privilege to restart the web server, then you can create .htaccess file as shown below.

#Using .htaccess file to turn Off SecRuleEngine

<IfModule mod_security.c>
 <Files async-upload.php>
 SecFilterEngine Off
 SecFilterScanPOST Off
 </Files>
 </IfModule>

The above snippet will turn of async-upload.php. That’s it!


Related Content
vps germany
Disclaimer: The content published in this article is the views of the author only. Techglimpse does not gurantee accuracy, completness or validity. If you believe the content on this post violates your copyright, please send us a mail for removal. Read more.