The error may be:

ModSecurity: Output filter: Response body too large (over limit of 524288, total not specified)

This is due to the memory limit to store maximum request body size. To fix this error, we need to increase the values of the following parameters:

SecResponseBodyLimit & SecRequestBodyInMemoryLimit


Description: Configures the maximum response body size that will be accepted for buffering.
Syntax: SecResponseBodyLimit LIMIT_IN_BYTES
Example Usage: SecResponseBodyLimit 524228
Scope: Any
Version: 2.0.0
Supported on libModSecurity: Yes
Default: 524288 (512 KB)
Anything over this limit will be rejected with status code 500 (Internal Server Error). This setting will not affect the responses with MIME types that are not selected for buffering. There is a hard limit of 1 GB.


Description: Configures the maximum request body size that ModSecurity will store in memory.
Syntax: SecRequestBodyInMemoryLimit LIMIT_IN_BYTES
Example Usage: SecRequestBodyInMemoryLimit 131072
Scope: Any
Version: 2.0.0
Supported on libModSecurity: Yes
Default: 131072 (128 KB)
When a multipart/form-data request is being processed, once the in-memory limit is reached, the request body will start to be streamed into a temporary file on disk.

First, locate the ModSecurity configuration file. For a cPanel server, it’s located under /usr/local/apache/conf.[/usr/local/apache/conf]# ll modsec2.conf
-rw------- 1 root root 882 Dec 9 15:39 modsec2.conf

Open the configuration file with your favorite text editor and add the following entries:

SecResponseBodyLimit 546870912
SecRequestBodyInMemoryLimit 546870912

If the entries are already there, try to increase its value.

Then “restart” web server.

/etc/init.d/httpd restart


service httpd restart


Was this answer helpful? 0 Users Found This Useful (0 Votes)