coreruleset / modsecurity-crs-docker

Official ModSecurity Docker + Core Rule Set (CRS) images
https://coreruleset.org
Apache License 2.0

500 error for big request body without files on Apache #85

Closed igoooor closed 2 years ago

igoooor commented 2 years ago

I have a form which submits base64 images, so the request body size is somewhere in the 8Mb. If I don't specify MODSEC_REQ_BODY_NOFILES_LIMIT with a big number, then I will see the modsec rule 200002 fire. If I specify MODSEC_REQ_BODY_NOFILES_LIMIT with a big enough number (25Mb in my case), the modsec container will not show any errors, however my page will display a 500 Internal Server Error. Also, when MODSEC_REQ_BODY_NOFILES_LIMIT is not set (i.e. it uses its default value of 128Kb I believe), my web page will still show a 500 error instead of the usual 4xx, so something wrong must happen somewhere.

If I don't use modsec at all, my page does not show any error. Would anyone have a clue why this is happening?

To be clear, I'm not uploading files, just big text body content. I am using the modsecurity-crs-docker container together with traefik and the acouvreur/traefik-modsecurity-plugin

theseion commented 2 years ago

Hi @igoooor. I don't know what the traefik plugin does. Have you tried using the image without installing the traefik plugin?

Other than that, what comes to mind is that you will probably have to also set MODSEC_REQ_BODY_LIMIT to at least the same size.
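
A pre-flight check for the pairing suggested above, as an added example that is not part of the original thread or the project's code. It assumes both variables are plain byte counts; the function name `check_body_limits` and the sample sizes are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: sanity-check the two request-body limits before starting
# the container. All values are byte counts.

# check_body_limits BODY_LIMIT NOFILES_LIMIT EXPECTED_BODY_BYTES
# Returns 0 and prints "ok" when the overall limit is at least the no-files
# limit and a non-file body of EXPECTED_BODY_BYTES fits under it.
# Returns 1 with a reason on a mismatch, 2 on a non-numeric value.
check_body_limits() {
    local body_limit=$1 nofiles_limit=$2 expected=$3 v
    for v in "$body_limit" "$nofiles_limit" "$expected"; do
        case $v in
            ''|*[!0-9]*) echo "not a byte count: '$v'"; return 2 ;;
        esac
    done
    if [ "$body_limit" -lt "$nofiles_limit" ]; then
        echo "MODSEC_REQ_BODY_LIMIT ($body_limit) is below MODSEC_REQ_BODY_NOFILES_LIMIT ($nofiles_limit)"
        return 1
    fi
    if [ "$expected" -gt "$nofiles_limit" ]; then
        echo "expected body ($expected) exceeds MODSEC_REQ_BODY_NOFILES_LIMIT ($nofiles_limit)"
        return 1
    fi
    echo "ok"
}

# Constructed sample values: an 8 MiB form body and 25 MiB for both limits.
EXPECTED_BODY=$((8 * 1024 * 1024))
LIMIT=$((25 * 1024 * 1024))

if check_body_limits "$LIMIT" "$LIMIT" "$EXPECTED_BODY" >/dev/null; then
    # Pass the validated pair to the container, for example:
    #   docker run -e MODSEC_REQ_BODY_LIMIT=$LIMIT \
    #              -e MODSEC_REQ_BODY_NOFILES_LIMIT=$LIMIT <image>
    echo "MODSEC_REQ_BODY_LIMIT=$LIMIT"
    echo "MODSEC_REQ_BODY_NOFILES_LIMIT=$LIMIT"
fi
```
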

igoooor commented 2 years ago

I don't seem to be able to reproduce this, so I will close it for now.