Browse by Category

360 Monitoring
15
AccelerateWP
12
Account & Billing
87
Backups
25
Cloudflare FAQs
21
CodeGuard Backup
0
cPanel & WHM
127
cPanel Databases
10
cPanel File Manager
36
cPanel Git
0
cPanel Resellers
12
Domain & DNS
115
Drupal
1
Email Hosting
86
FAQs
7
Joomla
2
Koality
0
Linux Administration
117
Plesk
97
Reseller Hosting
40
SEO Optimization
2
Sitejet
0
SiteLock
11
SitePad
1
Softaculous
45
SolusVM
0
Spam Experts
20
SSL/TLS
1
Web Apps
1
Web Hosting Addons
3
Website Security
66
Webuzo
0
Weebly Builder
6
WHMCS
35
WordPress
90
WP Squared
30
XOVI SEO
5

  Browse by Category

  Idea Storm

wordpress beginner wordpress tutorial wordpress guide wordpress hosting wp squared web hosting wp plugin phpMyAdmin cpanel hosting dns file manager backups terminal cli domain forwarding cloudflare User Management Permissions cPanel Web Hosting Security cPanel UAPI Server Migration Apache Directives Apache Migration htaccess PHP End of Life PHP CGIEmail Web Scripting Security Vulnerabilities Scripting Languages cPanel Email Management Web Hosting Management Email Quotas cPanel Interface Account Management cPanel Login cPanel Security Two-Factor Authentication Login Issues Cloudflare Configuration Troubleshooting Tips Domain Forwarder Email Forwarding File Management cPanel File Manager File Deletion Custom Error Pages cPanel Error Pages HTTP Status Codes Git Version Control Command Line (CLI) cPanel Metrics Awstats Resource Utilization Webalizer Website Statistics Email Configuration Email Ports cPanel Email Accounts cPanel Subdirectory Web Hosting Manager cPanel Webmail Mod_Pagespeed FTP Accounts Website Management File Sharing Team Collaboration Security SSH cPanel Backup IP Blocking Website Security Website Protection Email Security Multi-Factor Authentication cPanel Language SPF DKIM DMARC Email Deliverability cPanel Email Forwarding SFTP cPanel Team User User Roles cPanel Permissions DNSSEC DNS Security Domain Alias Addon Domains cPanel File Management Subdomains Alias Domains Email Autoresponders Mailing Lists Image Optimization Website Performance Image Editing Troubleshooting Browser Cache cPanel Terminal Command-Line Interface Data Security Download Files File Compression Website Migration DNS Management Website File Editing Text Editors ModPagespeed Website Optimization Domain Alias Redirection Website Traffic Management Domain Redirection SSL/TLS Certificate Installation AutoSSL Troubleshooting HTTPS Encryption cPanel SSL/TLS Status Secure Website Traffic File Extraction File Upload SSL/HTTPS Performance Optimization SSL/HTTPS Redirection Domain Hosting DNS Configuration Domain Security cPanel Zone Editor cPanel Username cPanel Password cPanel Access WebHostingM Support WHM Access Reseller Control Panel Web Host Manager Reseller Hosting Webmail Login Email Management Webmail Access cPanel Login Accessing cPanel cPanel Sub-Accounts Access Control SSH Login Security Enhancement CDN Integration WordPress Optimization API Key Management Payment Billing Promotional Credits Coupons Hosting Orders Verification Auto-Renewals Late Fees Bandwidth GST WebSpace SEPA PayPal Cancellation Suspension Email Address Password Reset Refunds Money-Back Guarantee Domain Transfer Domain Renewals Upgrade Paystack Hosting Support Language VAT Taxes Discounts Credit Card ACH Invoices Hosting Trial AccelerateWP WordPress XML-RPC FTP/SFTP REST API WordPress Toolkit Softaculous PHP X-Ray WordPress Plugins Databases Wo Plesk mod_lsapi CloudLinux Google Workspace mod_security nginx Imunify360 Joomla Drupal CodeGuard Jetbackup Roundcube BoxTrapper Horde Domain Management WHM Domain Registration Domain Suspension PowerDNS rDNS CNAME BIND MySQL Inodes WordPress Migration MTA-STS 2FA Dedicated IP Support Ticket SitePad Website Builder 301 Redirect Naked Domain Redirect WHMCS Cron WHMCS License WHMCS Security WHMCS Automation WHMCS Migration SEO XOVI Now Weebly Website Builder SpamExperts SiteLock ModSecurity Fail2Ban phpinfo SpamAssassin atop Plesk PHP settings Migration Firewall PHP Configuration Plesk File Manager Plesk FTP AlegroCart Backup Restoration Scheduled Backup Hostname Postfix SMTP CageFS OpCache EasyApache 4 WebHostingM Name Servers Contact Information Management Search Engine Indexing Email Issues catch-all-address Quota Plesk Security error-troubleshooting cPanel Redirects .htaccess configuration server monitoring uptime 360 Monitoring Ubuntu mod_evasive LiteSpeed Apache Server Security Apache Security cPanel WHM Payment Method Stripe cPanel WordPress WP CLI

  Support

Your Support Tickets
News & Announcements
Knowledgebase
Downloads
Network Status
New Ticket

How To Fix "Larger Than The Configured Limit" Error During File Uploads in cPanel & WHM Print

  • cPanel, File Sharing, File Management, File Upload
  • 0

After updating to Apache 2.4.54, you may encounter file upload failures for files larger than 1GB with a "Request Entity Too Large" error or similar message in the logs. This guide explains the cause of the issue and provides a workaround for setting the LimitRequestBody directive to allow larger uploads.

Error Symptoms

When attempting to upload files larger than 1GB, you may see the following error in your logs:


Requested content-length of 1128468864 is larger than the configured 
limit of 1073741824

This error may also appear as a 413 Request Entity Too Large error. If you're using mod_lsapi with CloudLinux, the error may look like:


[Fri Sep 16 13:22:16.553705 2022] [lsapi:error] [pid 678:tid 473404] 
[client xx.xx.xx.xx:62422] mod_lsapi: [host domain.com] 
[req POST /upload.php HTTP/1.1] ap_client_block failed: 413,

Description

In Apache versions 2.4.53 and earlier, the LimitRequestBody directive was set to unlimited by default. However, beginning with Apache 2.4.54, this limit is capped at 1GB. If you attempt to upload files exceeding this limit, you may see a 413 error or a content-length error in the logs.

For additional information, refer to the Apache documentation on LimitRequestBody.

Workarounds

Method 1: Update the LimitRequestBody in the .htaccess File for One Website

  1. Access the .htaccess File
    Navigate to the website's public_html directory using cPanel File Manager, SSH, or FTP, and open the (dot)htaccess file for editing.
  2. Add the LimitRequestBody Directive
    Add the following line to set a higher upload limit: 
    LimitRequestBody 2073741824
    This value sets the limit to 2GB.
  3. Save and Close the File
    After saving, this configuration will apply immediately to the website.

 

Method 2: Apply LimitRequestBody Setting Globally for All Websites

  1. Edit the Global Apache Configuration
    Open the Apache include file to apply the setting globally. In SSH, open /etc/apache2/conf.d/includes/pre_virtualhost_global.conf: 
    sudo vim /etc/apache2/conf.d/includes/pre_virtualhost_global.conf
  2. Set LimitRequestBody
    Add or update the following line to increase the default limit: 
    LimitRequestBody 2073741824
    This adjustment will increase the limit to 2GB for all hosted websites.
  3. Test the Configuration
    Run a syntax test to ensure no errors: 
    apachectl configtest
    If the output is "Syntax OK," proceed to the next step. If there are syntax errors, resolve them before continuing.
  4. Restart Apache
    Restart Apache to apply the new configuration. Use the following command: 
    /scripts/restartsrv_httpd

 

Method 3: Apply the Setting via WHM

If you're using WHM, you can apply the LimitRequestBody setting globally by navigating to Service Configuration > Apache Configuration > Include Editor and adding the directive under Pre Main Include or Pre VirtualHost Include for the desired Apache version.

Why Use Include Files?

cPanel include files provides a way to set configuration values that aren't available in WHM's main “Apache Configuration” interface or in (dot)htaccess files. Using include files ensures that your customizations remain intact during updates and allow for greater flexibility in server settings.

Steps to Modify Apache Configuration with Include Files

  1. Access the Include Editor in WHM
    In your WHM dashboard, navigate to: 
    WHM > Service Configuration > Apache Configuration > Include Editor
  2. Select Pre VirtualHost Include
    Under the Include Editor, select All Versions in the Pre VirtualHost Include section. This setting applies your customizations to all versions of Apache.
  3. Add Custom Configuration Settings
    Add your desired configuration changes in the editor. For example, to set specific limits, you can use the following directives: 
    
LimitRequestFieldSize 8190
LimitRequestBody 2073741824
    • LimitRequestFieldSize - Sets the maximum size of any request header field.
    • LimitRequestBody - Sets the maximum size of the request body, allowing larger uploads.
  4. Save Changes
    After entering the configuration changes, click Update to save.
  5. Check Syntax and Restart Apache
    Run a syntax check to ensure there are no errors in the configuration. If the syntax is correct, restart Apache to apply the changes: 
    /scripts/restartsrv_httpd
    If errors are detected, resolve them before attempting to restart Apache.

Considerations Against Setting High Values for LimitRequestFieldSize and LimitRequestBody

Increasing LimitRequestFieldSize and LimitRequestBody in Apache to higher values, such as 8190 and 2073741824, respectively, may resolve some functional limitations for certain applications, but there are security and resource-related concerns with these higher limits. Here’s an overview of potential drawbacks.

1. Increased Risk of Denial-of-Service (DoS) Attacks

Higher values for LimitRequestFieldSize and LimitRequestBody increase vulnerability to denial-of-service (DoS) attacks. Allowing large headers or request bodies opens the door for malicious actors to send oversized, resource-draining requests, impacting server performance and availability. Key issues include:

  • Resource Exhaustion - Large request bodies require more memory and processing time, risking slowdowns or crashes under high traffic or deliberate abuse.
  • DoS Attack Surface - Large LimitRequestBody settings enable attackers to overload the server with numerous substantial requests, leading to denial of service.

2. Potential Buffer Overflow and Security Risks

Higher LimitRequestFieldSize values can also make servers more susceptible to buffer overflow attacks, especially in scenarios where applications are not optimized to handle exceptionally large headers. Buffer overflows could allow attackers to inject malicious code or cause unpredictable application behavior. Concerns include:

  • Buffer Overflows in Legacy Applications - Older or poorly designed applications may not be resilient to larger header sizes, leading to exploitable overflow vulnerabilities.
  • Expanded Attack Surface - Each header field size increase exposes the server to more potential exploits, especially if application components are not rigorously tested with larger data inputs.

3. Increased Server Resource Consumption

Large values for LimitRequestBody and LimitRequestFieldSize lead to higher resource consumption. Large uploads and headers use more memory and CPU resources, potentially impacting the performance of other services and causing latency or instability under load. Key points include:

  • CPU and Memory Usage - Large files and headers increase memory allocation and processing demands, potentially reducing performance for other services.
  • Disk I/O Impact - Handling larger request bodies can affect disk input/output (I/O), slowing down responses for other requests and affecting user experience.

Summary

These changes should allow large file uploads to proceed normally.

Using the Pre VirtualHost Include option ensures that your settings are applied before the main VirtualHost configurations, impacting all sites hosted on the server. This method is ideal for server-wide configurations where uniform settings are required.

Adjusting LimitRequestFieldSize and LimitRequestBody to controlled yet higher values allows your server to handle legitimate, larger requests. Yet, it is important to ensure that your server's resources (such as memory and storage) can handle large files, as increased upload limits can impact performance.

Also note that while increasing these values can support certain application requirements, weighing these against potential security and resource-related issues is essential. Lower values are generally safer and reduce the risk of server overload, DoS vulnerabilities, and buffer overflow attacks.

Disclaimer

Always test configuration changes in a staging cPanel & WHM environment and verify compatibility with your server requirements. Refer to the latest WHM and Apache documentation for details on configuration limits and best practices.

Did this answer help?

Related Articles

How To Create New Users Or Add Team Users to Your WebHostingM cPanel Learn how to create and manage new users in cPanel using the Manage Team feature.  This... Changes To Keep in Mind When cPanel Migrating from Apache 2.2 to Apache 2.4 Learn how to migrate your application running on an old Apache 2.2 server to a newer Apache 2.4+... Can I Host A Website with Old PHP Versions with WebHostingM? Learn how to migrate PHP applications to a hosting platform supporting PHP versions 7.4 to 8.3.... Can I Use the CGIEmail Script on WebHostingM? Discover why using the CGIEmail script on WebHostingM is not recommended. Learn about the... How To Manage Email Account Quotas in cPanel Learn how to set a quota for email accounts in cPanel to manage mailbox storage effectively....
« Back

  Idea Storm

wordpress beginner wordpress tutorial wordpress guide wordpress hosting wp squared web hosting wp plugin phpMyAdmin cpanel hosting dns file manager backups terminal cli domain forwarding cloudflare User Management Permissions cPanel Web Hosting Security cPanel UAPI Server Migration Apache Directives Apache Migration htaccess PHP End of Life PHP CGIEmail Web Scripting Security Vulnerabilities Scripting Languages cPanel Email Management Web Hosting Management Email Quotas cPanel Interface Account Management cPanel Login cPanel Security Two-Factor Authentication Login Issues Cloudflare Configuration Troubleshooting Tips Domain Forwarder Email Forwarding File Management cPanel File Manager File Deletion Custom Error Pages cPanel Error Pages HTTP Status Codes Git Version Control Command Line (CLI) cPanel Metrics Awstats Resource Utilization Webalizer Website Statistics Email Configuration Email Ports cPanel Email Accounts cPanel Subdirectory Web Hosting Manager cPanel Webmail Mod_Pagespeed FTP Accounts Website Management File Sharing Team Collaboration Security SSH cPanel Backup IP Blocking Website Security Website Protection Email Security Multi-Factor Authentication cPanel Language SPF DKIM DMARC Email Deliverability cPanel Email Forwarding SFTP cPanel Team User User Roles cPanel Permissions DNSSEC DNS Security Domain Alias Addon Domains cPanel File Management Subdomains Alias Domains Email Autoresponders Mailing Lists Image Optimization Website Performance Image Editing Troubleshooting Browser Cache cPanel Terminal Command-Line Interface Data Security Download Files File Compression Website Migration DNS Management Website File Editing Text Editors ModPagespeed Website Optimization Domain Alias Redirection Website Traffic Management Domain Redirection SSL/TLS Certificate Installation AutoSSL Troubleshooting HTTPS Encryption cPanel SSL/TLS Status Secure Website Traffic File Extraction File Upload SSL/HTTPS Performance Optimization SSL/HTTPS Redirection Domain Hosting DNS Configuration Domain Security cPanel Zone Editor cPanel Username cPanel Password cPanel Access WebHostingM Support WHM Access Reseller Control Panel Web Host Manager Reseller Hosting Webmail Login Email Management Webmail Access cPanel Login Accessing cPanel cPanel Sub-Accounts Access Control SSH Login Security Enhancement CDN Integration WordPress Optimization API Key Management Payment Billing Promotional Credits Coupons Hosting Orders Verification Auto-Renewals Late Fees Bandwidth GST WebSpace SEPA PayPal Cancellation Suspension Email Address Password Reset Refunds Money-Back Guarantee Domain Transfer Domain Renewals Upgrade Paystack Hosting Support Language VAT Taxes Discounts Credit Card ACH Invoices Hosting Trial AccelerateWP WordPress XML-RPC FTP/SFTP REST API WordPress Toolkit Softaculous PHP X-Ray WordPress Plugins Databases Wo Plesk mod_lsapi CloudLinux Google Workspace mod_security nginx Imunify360 Joomla Drupal CodeGuard Jetbackup Roundcube BoxTrapper Horde Domain Management WHM Domain Registration Domain Suspension PowerDNS rDNS CNAME BIND MySQL Inodes WordPress Migration MTA-STS 2FA Dedicated IP Support Ticket SitePad Website Builder 301 Redirect Naked Domain Redirect WHMCS Cron WHMCS License WHMCS Security WHMCS Automation WHMCS Migration SEO XOVI Now Weebly Website Builder SpamExperts SiteLock ModSecurity Fail2Ban phpinfo SpamAssassin atop Plesk PHP settings Migration Firewall PHP Configuration Plesk File Manager Plesk FTP AlegroCart Backup Restoration Scheduled Backup Hostname Postfix SMTP CageFS OpCache EasyApache 4 WebHostingM Name Servers Contact Information Management Search Engine Indexing Email Issues catch-all-address Quota Plesk Security error-troubleshooting cPanel Redirects .htaccess configuration server monitoring uptime 360 Monitoring Ubuntu mod_evasive LiteSpeed Apache Server Security Apache Security cPanel WHM Payment Method Stripe cPanel WordPress WP CLI

  Support

Your Support Tickets
News & Announcements
Knowledgebase
Downloads
Network Status
New Ticket

Trusted by over 35,000 customers in over 200 countries