It was a WordPress website.
The client complained about slowness while logging in to this WordPress website’s dashboard. The website was configured with CloudFlare DNS. After a quick inspection, I suggested that he disable the CloudFlare CDN for his main domain.
This domain was using CloudFlare SSL too. The website itself was loading without any slowness; the only problem was with the dashboard.
I checked the Web server’s (Apache) error log and noticed the following errors:
[Wed Aug 09 15:33:48 2017] [error] [client 184.108.40.206] ModSecurity: Output filter: Response body too large (over limit of 524288, total not specified). [hostname "domain.com"] [uri "/wp-admin/index.php"] [unique_id "WYtjmkSr2WIAAcbwMwAAAAAJ"]
[Wed Aug 09 15:33:59 2017] [error] [client 220.127.116.11] ModSecurity: Output filter: Response body too large (over limit of 524288, total not specified). [hostname "domain.com"] [uri "/wp-admin/index.php"] [unique_id "WYtjnkSr2WIAAcgXULgAAAAL"]
Yeah, the ModSecurity was the offender, LOL!! Actually, the WAF (Web Application Firewall) ModSecurity was disabled on that domain.
How to disable Mod security rule for a domain in cPanel server?
ModSecurity is an Apache module that helps protect your website from various attacks. It blocks commonly known exploits using regular expressions and rule sets, including injection attacks, which helps secure your server. We use mod_security1 for Apache 1.x and mod_security2 for Apache 2.x. In the case of mod_security1, we can disable mod_security for a domain using the .htaccess file.
Here the error is:
ModSecurity: Output filter: Response body too large (over limit of 524288, total not specified)
This is due to the limit on how much of a body ModSecurity will buffer: the response for /wp-admin/index.php exceeded the 524288-byte limit shown in the error. To fix this error, we need to increase the values of the following parameters:
SecResponseBodyLimit & SecRequestBodyInMemoryLimit
Description: Configures the maximum response body size that will be accepted for buffering.
Syntax: SecResponseBodyLimit LIMIT_IN_BYTES
Example Usage: SecResponseBodyLimit 524228
Scope: Any
Version: 2.0.0
Supported on libModSecurity: Yes
Default: 524288 (512 KB)
Anything over this limit will be rejected with status code 500 (Internal Server Error). This setting will not affect the responses with MIME types that are not selected for buffering. There is a hard limit of 1 GB.

Description: Configures the maximum request body size that ModSecurity will store in memory.
Syntax: SecRequestBodyInMemoryLimit LIMIT_IN_BYTES
Example Usage: SecRequestBodyInMemoryLimit 131072
Scope: Any
Version: 2.0.0
Supported on libModSecurity: Yes
Default: 131072 (128 KB)
When a multipart/form-data request is being processed, once the in-memory limit is reached, the request body will start to be streamed into a temporary file on disk.
First, locate the ModSecurity configuration file. For a cPanel server, it’s located under /usr/local/apache/conf.
[email protected][/usr/local/apache/conf]# ll modsec2.conf
-rw------- 1 root root 882 Aug 9 15:39 modsec2.conf
Open the configuration file with your favorite text editor and add the following entries:
SecResponseBodyLimit 546870912
SecRequestBodyInMemoryLimit 546870912
If the entries are already there, increase their values.
Then restart the web server:
/etc/init.d/httpd restart
or
service httpd restart
Try to load the dashboard again. It should load faster as expected!!
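To see which hosts and URIs were hitting the limit, and to confirm that no new entries appear after the restart, the error-log entries quoted above can be tallied. This is an added example, not part of the original post; it assumes the Apache 2.2-style log format shown above, and the sample lines, client addresses and unique_id values are constructed.

```python
import re
from collections import Counter

# One "Response body too large" entry, in the log format quoted in the post.
# The trailing group takes only the [key "value"] fields, so entries that were
# run together on a single line are still separated correctly.
ENTRY = re.compile(
    r'\[(?P<ts>[^\]]+)\] \[error\] \[client (?P<client>[^\]]+)\] '
    r'ModSecurity: Output filter: Response body too large '
    r'\(over limit of (?P<limit>\d+), total (?P<total>[^)]*)\)\.'
    r'(?P<meta>(?: \[\w+ "[^"]*"\])*)'
)
FIELD = re.compile(r'\[(\w+) "([^"]*)"\]')

def parse_entries(text):
    """Return one dict per 'Response body too large' entry found in text."""
    entries = []
    for m in ENTRY.finditer(text):
        fields = dict(FIELD.findall(m.group("meta")))
        entries.append({
            "timestamp": m.group("ts"),
            "client": m.group("client"),
            "limit": int(m.group("limit")),
            "hostname": fields.get("hostname", "?"),
            "uri": fields.get("uri", "?"),
        })
    return entries

def summarize(entries):
    """Count hits per (hostname, uri, limit) so the affected paths stand out."""
    return Counter((e["hostname"], e["uri"], e["limit"]) for e in entries)

# Constructed sample input (documentation-range IPs, made-up unique_id values).
_HIT = ('[{ts}] [error] [client {ip}] ModSecurity: Output filter: Response body '
        'too large (over limit of 524288, total not specified). '
        '[hostname "domain.com"] [uri "{uri}"] [unique_id "EXAMPLE-{n}"]')
SAMPLE_LOG = "\n".join([
    _HIT.format(ts="Wed Aug 09 15:33:48 2017", ip="203.0.113.10", uri="/wp-admin/index.php", n=1),
    # Two entries joined on one line, as in the excerpt above.
    _HIT.format(ts="Wed Aug 09 15:33:59 2017", ip="198.51.100.7", uri="/wp-admin/index.php", n=2)
    + " " + _HIT.format(ts="Wed Aug 09 15:34:10 2017", ip="198.51.100.7", uri="/wp-admin/index.php", n=3),
    '[Wed Aug 09 15:34:12 2017] [error] [client 203.0.113.10] File does not exist: /favicon.ico',
    _HIT.format(ts="Wed Aug 09 15:35:01 2017", ip="203.0.113.10", uri="/wp-admin/edit.php", n=4),
])

if __name__ == "__main__":
    for (host, uri, limit), hits in summarize(parse_entries(SAMPLE_LOG)).most_common():
        print(f"{hits:3d}  {host}{uri}  (limit {limit} bytes)")
```

On a live server, pass the contents of the Apache error log to parse_entries instead of SAMPLE_LOG.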
Let me know your suggestions as comments.