Ervin Hegedus

Hi @studersi, thanks for reporting this. You're completely right, it would be much better to make the both versions' default configuration files consistent. For the record: in libmodsecurity3 the initial...

There is no difference, I just think it's a bit confuse that in the "recommended" configuration file we set the engine to "DetectionOnly" and add a rule without any notification...

@studersi, @dune73, @marcstern - what do you think guys, do we need rule 200007 in recommended `modsecurity.conf` file? As I explained above I don't think it's necessary, but I don't...

> And is there any influence of the different body parsers on reqbody error and the argument limit behavior? Yes, for eg. JSON parser will stop too if it reaches...

Hi @FrankWarius, I think if the cause is the module, then we can reproduce it on other platform too. Could you sent the file which triggers this error to [email protected]?

Sorry, I don't have any Windows system.

I tried to upload the given file, and I couldn't reproduce your issue. Could you show the request (eg. a curl command) what triggers the problem?

Could you check the [SecRequestBodyLimit](https://github.com/owasp-modsecurity/ModSecurity/wiki/Reference-Manual-(v2.x)#secrequestbodylimit) value? I know your image's size is "only" 4.6MB, but to be sure... Btw when a client uploads a file, it converts that into BASE64...

> What do you mean by iis Debug.log? > > advanced logging is enabled, but there are no error logs for this site, 500 errors from other sites are logged....

Hi @oceanmancuonh, do you think that would be the expected behavior? libmodsecurity3's reference shows it does not support at all: https://github.com/owasp-modsecurity/ModSecurity/wiki/Reference-Manual-(v3.x)#secruleupdatetargetbyid and mod_security2's reference that engine supports only the `id[:offset]`...