Dropzone 多次上传返回了 403 禁止访问。

huangapple go评论68阅读模式
英文:

Dropzone multiple uploads returned 403 forbidden

问题

I'm implementing multiple upload for 25 files at once using Dropzone and Laravel.
On my development server, the code runs well. 25 files, all successful.
However, on my production server, 5 files are ok. More than 5 files, there will be few returned with 403 Forbidden error.

I already configured php.ini

upload_max_filesize = 50MB
post_max_size = 50MB

and the tested files didn't reach 5MB actually.

There is no LimitRequestBody setting in httpd.conf.

The form is included with @csrf.

Where else should I look into?

After couple of days, I came across this line in apache modsec_audit.log

Apache-Error:  
[level 3] client denied by server configuration: /var/www/myapp/public/api

That points directly to the error.
Now I need advice on how to configure mod_evasive to handle dropzone multiple upload.

英文:

I'm implementing multiple upload for 25 files at once using Dropzone and Laravel.
On my development server, the code runs well. 25 files, all successful.
However, on my production server, 5 files are ok. More than 5 files, there will be few returned with 403 Forbidden error.

I already configured php.ini

upload_max_filesize = 50MB
post_max_size = 50MB

and the tested files didn't reach 5MB actually.

There is no LimitRequestBody setting in httpd.conf.

The form is included with @csrf.

Where else should I look into?

After couple of days, I came across this line in apache modsec_audit.log

Apache-Error:  
[level 3] client denied by server configuration: /var/www/myapp/public/api

That points directly to the error.
Now I need advice on how to configure mod_evasive to handle dropzone multiple upload.

答案1

得分: 2

I think this is from Apache's mod_evasive module. This module protects against DDoS attacks by limiting the number of requests a single IP address can make quickly.

You can do two options in this

Option 1

Modify the mod_evasive configuration in your apache.

  1. DOSPageCount: This is the number of requests for the same page.

  2. DOSSiteCount: Requests for any object by the same client on the same listener per site interval.

    DOSPageCount 30
    DOSSiteCount 30
    

Option 2

Add parallelUploads option to the Dropzone

Dropzone.options.myDropzone = {
    parallelUploads: 5,  // According to your mod_evasive limit
}
英文:

>I think this is from Apache's mod_evasive module. This module protects against DDoS attacks by limiting the number of requests a single IP address can make quickly.

You can do two options in this


Option 1

Modify the mod_evasive configuration in your apache.

  1. DOSPageCount: This is the number of requests for the same page.

  2. DOSSiteCount: Requests for any object by the same client on the same listener per site interval.

    DOSPageCount 30
    DOSSiteCount 30
    

Option 2

Add parallelUploads option to the Dropzone

Dropzone.options.myDropzone = {
    parallelUploads: 5,  // According to your mod_evasive limit
}

答案2

得分: 1

我找到解决办法。
我配置 mod_evasive 如下
DOSPageCount 25
我将 DOSPageCount 从 2 增加到 25,因为我最多可以上传 25 个文件。

英文:

I found the solution.
I configure mod_evasive like this

DOSPageCount 25

I increase DOSPageCount from 2 to 25 because I have max of 25 files for the upload.

huangapple
  • 本文由 发表于 2023年5月18日 01:00:30
  • 转载请务必保留本文链接:https://go.coder-hub.com/76274529.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定