WordPress upload size reduced to under 20MB even though it says the limit is 505MB – happened within last 24hrs

We have a file sharing form on our website, which allows file uploads of up to 505MB. To enable this, I did the following:

In Plesk, changed the PHP settings for the site subscription to the following:

  • memory_limit = 530M
  • max_execution_time = 300
  • max_input_time = 250
  • post_max_size = 525M
  • upload_max_filesize = 505M

In the Apache / NGINX settings, in the additional directives for BOTH http and https:

<IfModule mod_fcgid.c>
  FcgidMaxRequestLen 1073741824
  FcgidMaxRequestsPerProcess 100
  FcgidProcessLifeTime 7200
</IfModule>

In a .conf file in /etc/nginx/conf.d (which gets loaded into the http block in nginx.conf):

client_max_body_size 512M;

Previously these settings worked fine for our customers, but today suddenly they don’t. On the front end of the site, when the customer submits the file upload they get an error message “Request Entity Too Large” which usually means the nginx client body max size is not big enough.

I thought it was the form, but when I checked the WordPress media library from the admin and it also cannot upload a bigger file – even though it shows 505M on the wordpress upload window “Maximum upload file size: 505 MB.” It just says “http error”

What I’ve Tried:

  • Double checking all of the above to make sure it hadn’t changed.
  • loaded a phpinfo file and confirmed the correct config and directives are used
  • Restarting the server
  • Searching the forums, but no solutions have worked, such as:
  • adding rules to .htaccess
  • adding rules to php.ini in /wp-admin folder
  • adding rules to wp-config.php
  • deactivating all plugins
  • reverting to a default theme

Has this happened to anyone else? I’m wondering if it was a plesk update or php update that caused it, or if it’s related to just my server. It is happening to other sites on our shared server too, not just one. I hope I’ve explained it enough – appreciate the help.

Answer

Solution found!

In the end, I went to plesk.com and paid for a support service (only $10/mo) and their developers figured it out in about 6 hours and 8 emails. Turns out, it was an issue with a plesk microupdate that enabled ModSecurity, which applies its own limits on upload size in a config file that loads a module.

****In their words:

One of Modsecurity packages contains the configuration file /etc/httpd/conf.modules.d/10-mod_security.conf which loads security2_module by default

However, Plesk treats modsecurity as disabled by default. Therefore we have such discrepancy: Plesk shows modsecurity as disabled but it is actually enabled on the server. Also, it is not possible to disable modsecurity with the command:

# plesk sbin modsecurity_ctl -d

This behavior has been submitted as a bug PPPM-8557 which is planned to be fixed in one of the future Plesk updates.

So, in order to stop ModSecurity from messing with things, it was temporarily disabled by enabling and disabling it in Plesk UI.

I can confirm that the upload form is now working as it should. Plesk.com paid support WELL worth the money.