SecRequestBodyLimitAction ProcessPartial truncated POST data for mod_proxy when the SecRequestBodyLimit is exceeded #406
Description
MODSEC-252: Config:
SecRuleEngine DetectionOnly
SecRequestBodyAccess On
SecRequestBodyLimit 10
Result with big POST:
proxy host:
[Tue Jun 07 10:40:51 2011] [error] [client a.b.c.d] ModSecurity: Request body (Content-Length) is larger than the configured limit (10). [hostname "test"] [uri "/test"] [unique_id "Te3kEwoNzNMAACBtAX0AAAAA"]
the request is then passed to the mod_proxy_balancer and to the another host (HTTP Backend) but the application on that hosts gets corrupted data - data is truncated to the SecRequestBodyLimit.
I've also tried setting "SecRuleEngine On" with "SecRequestBodyLimitAction ProcessPartial" but the result is the same - proxied POST data is corrupted.
Removing SecRuleEngine from the configuration couses proxying without any problems.
I'd like to add that low SecRequestBodyLimit is essential for me.