Sling Academy
Home/DevOps/Apache: How to Control Max Upload File Size

Apache: How to Control Max Upload File Size

Last updated: January 22, 2024

Table of Contents

  1. Introduction
    1. Understanding Apache Configuration Files
  2. Adjusting php.ini for PHP Applications
  3. Configuring Apache Directives
  4. Error Handling
  5. Multipart Requests and ModSecurity
  6. Testing Configuration Changes
  7. Conclusion

Introduction

Working with Apache web server often requires a tailored configuration to meet the specific needs of an application or website. Among the various configuration settings, controlling the maximum file upload size is a common requirement, especially in environments where users are supposed to upload files. This tutorial explores how to configure Apache to control the maximum upload file size by adjusting various directives in its configuration files.

Understanding Apache Configuration Files

Before we dive into how to set the maximum upload file size, it’s important to understand where these settings live. Apache’s configuration is generally located in the httpd.conf or in supplemental files that it includes, like extra/httpd-vhosts.conf for virtual hosts or .htaccess files within specific directories.

Adjusting php.ini for PHP Applications

If your Apache server is serving a PHP application, file uploads are often controlled by PHP configuration settings. The following directives in the php.ini file are relevant for controlling file uploads:

  • upload_max_filesize: Defines the maximum size of an uploaded file.
  • post_max_size: Defines the maximum size of POST data allowed, encompassing the aggregate size of files and form data.

To change these values, you can edit the php.ini file like so:

upload_max_filesize = 10M
post_max_size = 20M

Note that post_max_size should be larger than upload_max_filesize to facilitate the upload of multiple files at once.

Configuring Apache Directives

In cases where file upload is not going through PHP or another scripting language, or you need to enforce limits at the web server level, you can configure Apache directly. The LimitRequestBody directive allows you to restrict the size of all forms of HTTP POST request bodies, including file uploads. This can be set either in the main Apache configuration file, vhost files, or .htaccess files.

<IfModule mod_core.c>
    LimitRequestBody 10485760
</IfModule>

The above code snippet sets the maximum upload size to 10 megabytes. Apache accepts this value in bytes, and 10 megabytes translate to 10 * 1024 * 1024 = 10485760 bytes.

Error Handling

When file uploads exceed the defined limits, Apache will return an error. You can customize how your server handles these errors, by modifying or adding an ErrorDocument line in your Apache configuration:

ErrorDocument 413 /custom-413.html

This directive will display a custom 413 error page to the user attempting the upload, rather than the default server message.

Multipart Requests and ModSecurity

If you are using ModSecurity, an open-source Web Application Firewall (WAF), there are additional considerations. ModSecurity might block multipart requests that exceed a size threshold. To adjust this, locate the ModSecurity configuration file (often called modsecurity.conf) and change the SecRequestBodyLimit and SecRequestBodyNoFilesLimit directives:

SecRequestBodyLimit 10485760
SecRequestBodyNoFilesLimit 1048576

The limits set here work analogously to the post_max_size setting in PHP, as they include both file and non-file data. Remember to reload or restart Apache after making any changes to these configuration files to apply the updates.

Testing Configuration Changes

After making changes to the configuration, it is essential to test them. You can use the curl command line utility to simulate a file upload:

curl -F "file=@/path/to/your/testfile.jpg" http://your-domain.com/upload-path

If the upload succeeds, you’re in good shape. If it fails, double-check the changes made in the configuration files and ensure that Apache has been reloaded or restarted.

Conclusion

Controlling the maximum file upload size in Apache is critical for server optimization, security, and proper resource allocation. Whether by tweaking PHP configurations for scripts or adjusting Apache’s own directives, server administrators can enforce upload size restrictions that align with their organizational policies and technical requirements. Always make sure to verify changes with tests and consider implementing proper error handling to provide a better user experience.

Remember that in a production environment, it’s always prudent to back up your configuration files before making any changes, and document your modifications for future reference. With the guidance provided in this tutorial, you should now be well-equipped to manage your Apache server’s file upload size settings efficiently.

Next Article: Apache Indexes Option: Explained with Examples

Previous Article: Apache .htaccess: How to add/remove trailing slash in URLs

Series: Apache Tutorials

DevOps

You May Also Like

  • How to reset Ubuntu to factory settings (4 approaches)
  • Making GET requests with cURL: A practical guide (with examples)
  • Git: What is .DS_Store and should you ignore it?
  • NGINX underscores_in_headers: Explained with examples
  • How to use Jenkins CI with private GitHub repositories
  • Terraform: Understanding State and State Files (with Examples)
  • SHA1, SHA256, and SHA512 in Terraform: A Practical Guide
  • CSRF Protection in Jenkins: An In-depth Guide (with examples)
  • Terraform: How to Merge 2 Maps
  • Terraform: How to extract filename/extension from a path
  • JSON encoding/decoding in Terraform: Explained with examples
  • Sorting Lists in Terraform: A Practical Guide
  • Terraform: How to trigger a Lambda function on resource creation
  • How to use Terraform templates
  • Understanding terraform_remote_state data source: Explained with examples
  • Jenkins Authorization: A Practical Guide (with examples)
  • Solving Jenkins Pipeline NotSerializableException: groovy.json.internal.LazyMap
  • Understanding Artifacts in Jenkins: A Practical Guide (with examples)
  • Using Jenkins with AWS EC2 and S3: A Practical Guide