上载文件时禁止使用Apache 403 [英] Apache 403 Forbidden When Uploading Files

查看：184 发布时间：2020/9/3 1:46:26 php apache upload http-status-code-403

本文介绍了上载文件时禁止使用Apache 403的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！

问题描述

我在提交包含输入文件的multipart/form-data表单时遇到一个奇怪的apache错误.看来只有当我上传70kb或更大的文件时，这种情况才会发生.

I'm having a strange apache error when I submit a multipart/form-data form with an input file. It seems that only happens when I upload files 70kb or bigger.

这是我的php.ini设置:

Here are my php.ini settings:

file_uploads = On
upload_max_filesize = 10M
max_execution_time = 90
max_input_time = 90
memory_limit = 196M
post_max_size = 10M

这是test.php中的HTML:

Here is the HTML in test.php:

<form action=""  method="POST" enctype="multipart/form-data">
    <input type="file" name="pdfMagazine" />
    <input type="submit" value="Save" name="saveMagazine" />
</form>

这是错误:

Forbidden

You don't have permission to access /test.php on this server.

Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.

Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 Server at myserver.com Port 80

以下是有关环境的更多详细信息:

Here's some more details about the environment:

Apache未安装mod_security，没有.htaccess限制文件上传
仅记录有403码的点
test.php权限是755和644
如果未上传文件，则表单提交很好.

Apache doesn´t have mod_security installed, there´s no .htaccess restricting the file upload
Logs only points that there was a 403 code
test.php permissions I tried were 755 and 644
form submits fine if no file is uploaded.

有人可以帮我吗?

谢谢.

[UPDATE]

服务器似乎已经安装了mod_security，这是apache原始日志:

It appears that server does have mod_security installed, here is apache raw log:

[Wed Jun 12 19:48:01 2013] [error] [client x.x.x.x] mod_security: Access denied with code 403. read_post_payload: Failed to create file "/root/tmp/20130612-194801-190.115.8.74-request_body-deJpho" because 13("Permission denied") [severity "EMERGENCY"] [hostname "myserver.com"] [uri "/test.php"]
[Wed Jun 12 19:48:01 2013] [error] [client x.x.x.x] mod_security: sec_filter_in: Failed to open file "/root/tmp/20130612-194801-190.115.8.74-request_body-deJpho" [hostname "myserver.com"] [uri "/403.shtml"]

进行研究后发现:

**Upload tmpdir issues**

Seeing this?

<source lang='php'> [Fri Nov 18 14:49:50 2011] [error] [client 72.52.142.215] mod_security: Access denied with code 406. read_post_payload: Failed to create file "/root/tmp/20111118-144950-72.52.142.215-request_body-xGPNPd" because 13("Permission denied") [severity "EMERGENCY"] [hostname "lakedonpedro.org"] [uri "/wp-cron.php?doing_wp_cron"] [unique_id "TsbhJkg0jtcAACYIFDk"] </source>

This actually happens because PHP's being set to use /root/tmp and the upload tmp dir. Let's set a few things then! Yay!

Make sure these are all set in /usr/local/lib/php.ini (session.save_path will probably already be set)
upload_tmp_dir = /tmp
session.save_path = /tmp

Make sure these are all set in /usr/local/apache/conf/modsec2.user.conf (or the applicable file for your system)
SecUploadDir /tmp
SecTmpDir /tmp

Restart the apachies.
It also seems it has worked adding the above to modsec.conf corrects this issue. per ~awilson

我确实更改了php.ini，但modsec配置文件有一个很大的警告，只有服务器提供商才能对其进行编辑，因此我正在与他们联系.

I did change the php.ini but the modsec configuration file has a big warning that only servers provider can edit it so I'm contacting them.

我会让你知道发生了什么事.

I'll let you know what happend.

[已解决]

Apache的mod_security模块默认情况下具有60kb的上传限制，因此任何较大的上传都会抛出403错误代码.

Apaches module mod_security has a 60kb upload limit by default so any bigger upload will throw a 403 error code.

由于modsec.conf只能由服务器提供程序编辑，因此我将以下行添加到每个根.htaccess中:

As the modsec.conf is only editable by the server provider, I add the following line to every root .htaccess:

SecFilterEngine Off

这通常会关闭mod_security过滤器.

That turned off the mod_security filter in general.

上载文件时禁止使用Apache 403 [英] Apache 403 Forbidden When Uploading Files

问题描述

推荐答案

相关文章

PHP最新文章

热门教程

热门工具

登录关闭

上载文件时禁止使用Apache 403 [英] Apache 403 Forbidden When Uploading Files

问题描述

推荐答案

相关文章

PHP最新文章

热门教程

热门工具

登录 关闭

登录关闭