0

Hello guys I mentioned earlier that I have installed mod_security module
first everything was works fine until I've tried to upload large files
my chmod for upload dirctory was 777 and when uploading file its ends with Internal Server Error
I've changed the chmod of upload folder to 755 and now nothing can be uploaded.
what should I do in server to accept files ?
I've tried this link but still the same http://shapeshed.com/securing_upload_folders_in_php_on_unix_servers/

4
Contributors
5
Replies
25
Views
4 Years
Discussion Span
Last Post by OsaMasw
0

am able to upload small files size, but large files can't be uploaded
its either show me internal server error or The connection was reset
I''ve tried any file smaller than 50Mb its worked

0

Hello OsaMasw,

I haven't worked a lot with mod_security, but it seems it puts some limits on the uploaded files.
If i were you, i'd try and see what you can edit in mod_security: max file size, upload time, etc.
When the limit is reached, mod_security throws an error 500 (source: http://onlamp.com/pub/a/apache/2003/11/26/mod_security.html)

755 means the user can do everything with the file, but anything besides him can only read and execute it. since you're uploading files, apache will need write permissions as well. 757 should do it.
(http://www.onlineconversion.com/html_chmod_calculator.htm)

0

757 will allow everyone to write, this is not good. The directories hosting the website needs to be owned by the same user running Apache, so set:

  • 644 for directories
  • 755 for files

If it doesn't work check your configuration.

Edited by cereal

0

you can also try this... copy and save anyname.php. Upload to the public directory of your server or the location where the upload script resides.

<?php 

phpinfo(); 

?>

Direct your browser to this file e.g. yourdomain.com anyname.php. Let us know these values

  1. Server API = this could be either fast cgi, or apache module
  2. Loaded Configuration File = this is the php.ini file currently being utilized by your server, and it is responsible for practically all php related restraints
  3. post_max_size= newly installed php is normally given a default value of 2m .. I would guess in your case it is only set to 50M
  4. max_execution_time = this is the time alloted to your php applications before the server will terminate it regardless if upload is finished or not, or the script has been successfully executed or not. You may want to change this to something around 1800.. you can change this value to your needs.
  5. upload_max_filesize = What ever value you have given to the post_max_size must be given to this.

If your server API is apache module, then you will have to edit the php.ini file in the loaded configuration file location. However, there is another way of tweaking the upload limit in apache module API. This can be done by adding simple entries on .htaccess file.

Else if, your server API is a fast CGI or other derivatives of CGI, then a php.ini additional settings or modifications can be be uploaded in the directory(OR UNDER YOUR OWN DESCRETIONS) where such entries are needed by the script to function. This file has to have a php.ini file name.

A classic modification of upload file size in Apache module equiped server. This has to go on top of the .htaccess file in the root directory or in the directory where the upload processes will take place.

php_value upload_max_filesize 200M
php_value post_max_size 200M

My example above reflects the .htaccess request to modify my php.ini upload file size limit to 200MB.

For the SErvers with FAST CGI as server API, you can just create a new php.ini file ( AGAIN, this is under the descretion of the server administrator. NOrmally, most hosting companies are running a CGI/FastCGI API, and they allow users to modify the php.ini entries locally by adding a php.ini file to change values for applications to work. I am assuming here that the main server's php.ini default values are set at the very minimum, then each partitions or hosting accounts in the server are defaulted to 2M without any modification. So, for our purpose the php.ini file should have these entries...

upload_max_filesize = 200M
post_max_size = 200M

Warning! Those two above are not intrechangeable between the APACHE module and CGI/FastCGI server API's.

If you are the server administrator, For security purposes, I would let the main server php.ini file setting to remain at 2M for both the max_filesize, post_max_size, max_execution time to the least possible value, and then let the users add php.ini file to be added in thier own hosting account partitions. In any case, only this area is allowed to accept whatever the max upload is set, and can execute script as set by the max_execution time. The remaining partitions or accounts in the server remains operating at the default values set in the server's php.ini file.

0

Thanks guys for informations, I've solved the problem.
after seraching in Google I found that I must grant the Apache owner to upload files and not for everyone.
so chmod is 755
and after finding the owner of apache which is in ubuntu www-data
using

$ chown -R www-data /upload directory

that solved my problem, now I can upload files with 755 permissions.

Edited by OsaMasw

This question has already been answered. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.