Here’s a quick article on an error that the blog has been running into over the weekend. While hard at work on our farming RPG tutorials, we ran into an error when trying to save or publish our (very large) accompanying articles for the videos.
Not a file upload error
If you were to do a Google search using the terms found in this article, you will find a lot of results telling you that this error is related to file uploads in WordPress. This is not the problem we were having, but if your issue came from a file upload, then your error is happening because you are trying to upload a file larger than PHP allows.
To rectify this, you will have to head to php.ini in your server, and increase the following limits so that it is larger than the file you are uploading:
upload_file_maxsize: The maximum size of a file that your website can receive.post_max_size: This determines how much data can be sent to your website in a single post request. Since files are always submitted as part of the post request, this needs to be larger than or at least equal toupload_file_maxsize.memory_limit: This is the total amount of memory that PHP is allowed to use on your server. This should at least be equal topost_max_size, but practically speaking, it should be significantly larger than both the values above.
If your website has cPanel access, you will have to update php.ini through your cPanel. Below is a video that goes through how to do it.
If you have ModSecurity running on your server, read further on, as you will also need to make sure that your file uploads meet the limits set in ModSecurity.
Article continues after the advertisement:
The error: ModSecurity is restricting the files
Looking into our log files, we found the following message:
/var/log/apache2/error.log
[client 1.2.3.4] ModSecurity: Request body no files data length is larger than the configured limit (131072).. Deny with code (413)
Essentially, it is saying that ModSecurity has denied the data that WordPress is sending in and responding with a HTTP 413 error.
To rectify this, we will have to head into ModSecurity’s configurations. In most Linux / Unix-based distributions, you should be able to find the configuration files in /etc/modsecurity/modsecurity.conf.
The attributes you are interested in are the following:
/etc/modsecurity/modsecurity.conf
SecRequestBodyLimit 128107200 SecRequestBodyNoFilesLimit 131072
The attributes restrict 2 things:
SecRequestBodyLimitrestricts the size of post requests with files.SecRequestBodyNoFilesLimitrestricts the size of post requests without files.
As saving a WordPress post does not require the saving of files, the size of our posts was limited to a mere 131072 bytes (about 128 kB). Hence, increasing the SecRequestBodyNoFilesLimit solved our problems.
If your error is caused by a file upload, you will have to also increase the SecRequestBodyLimit value, in addition to increasing the limits listed above.
Conclusion
If you don’t have direct access to the ModSecurity configurations in your server (i.e. you are running on a cPanel web host), you will have to log in to cPanel to change your ModSecurity settings. You can also consider disabling ModSecurity altogether.
Leave a comment if you have any other solutions to share!
Article continues after the advertisement:
