Fix “ModSecurity: Output filter: Response body too large (over limit of 524288, total not specified)”

We recently moved a wordpress site to a new server where certain pages would throw this error. Since this was a cPanel account we started looking at the error logs in public_html, the logs folder on the main but we couldn’t find any mention of this error there. The only thing we had to go on was on the user side which was a generic Internal Server Error.

We then looked at the error log located at /var/log/apache2/error_log and found the error we were looking for, since we manage the new server we could check in locations outside the cPanel account.

This error log will contain errors from every account on the server, in order to filter for your domain simply type:

cat error_log | grep "website.com"

This filter returned multiple lines of the same error:

ModSecurity: Output filter: Response body too large (over limit of 524288, total not specified). [hostname "website.com"] [uri "/index.php"] [unique_id "YHlm8q0aBUaa7ExCj041mgAAAkA"], referer: https://website.com/

This error basically says that that the size of the page is larger than the default 512 KB limit mod_security is allowed to scan for. The default value looks like this:

SecResponseBodyLimit 524228

We’ll start off by setting the value to double of the default to see if that solves our problem. You can increase this value until the error goes away for you. To increase this limit, add the following line to the file: /etc/apache2/conf.d/modsec/modsec2.user.conf

SecResponseBodyLimit 1048576‬

Restart Apache from either within WHM or issue the command:

service httpd restart

That’s it, you’re done.