From 14a78b852040f1da863645526af32c0a51d8e527 Mon Sep 17 00:00:00 2001 From: Victor Hora Date: Tue, 22 Aug 2017 17:23:45 -0400 Subject: [PATCH] Update to reflect changes to SecRequestBodyInMemoryLimit for libModSecurity --- Reference-Manual.mediawiki | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/Reference-Manual.mediawiki b/Reference-Manual.mediawiki index a109eed..3ffbd0b 100644 --- a/Reference-Manual.mediawiki +++ b/Reference-Manual.mediawiki @@ -1228,14 +1228,16 @@ This directive is required if you want to inspect the data transported request b '''Scope:''' Any -'''Version:''' 2.0.0 +'''Version:''' 2.0.0-2.9.x -'''Supported on libModSecurity:''' Yes +'''Supported on libModSecurity:''' No '''Default:''' 131072 (128 KB) When a multipart/form-data request is being processed, once the in-memory limit is reached, the request body will start to be streamed into a temporary file on disk. +; Note : libModSecurity is able to deal with request body in a file or in a buffer (chunked or not). Web servers have properties which controls whenever a request should be saved to a file or used as a buffer (e.g. client_body_buffer_size [https://nginx.org/en/docs/http/ngx_http_core_module.html#client_body_buffer_size]) . If it is a file, ModSecurity will use the file to perform the inspection. If not, the buffer will be used. + == SecRequestBodyLimit == '''Description:''' Configures the maximum request body size ModSecurity will accept for buffering.