POST request size limit?

Status
Not open for further replies.

matthe93

New Member
Messages
11
Reaction score
1
Points
3
I have a website that can accept POST requests.

In this site, I'm transferring a lot of data.

However, when my POST parameter reaches a certain length (around 220,000 characters), I start getting a 404 error on the request, saying that the php file cannot be found.

It seems there's some kind of message size threshold that, when exceeded, causes a 404 error.

I've discovered that splitting up the huge data into multiple parameters increases this threshold (for example, splitting the data into eighths increases the threshold to around 780,000).

Is this an issue with x10hosting, or my site? If so, is there any way to circumvent this, and if not what are the limitations / how much data can I send per request?
 

matthe93

New Member
Messages
11
Reaction score
1
Points
3
So I've done some more toying around and I've found that it's probably not the quantity of the requests, but the actual data being transferred across.

One message, containing around 70k characters, results in a 404 error, but another message containing around 100k characters works fine.

My current hypothesis is that there are some characters in the requests that the server blocks, but I can't say for sure. All I know is that there's something wrong with my data :p

If there's some "filter" property about the servers that is causing this, I'd very much like to know
 

matthe93

New Member
Messages
11
Reaction score
1
Points
3
OK, I've whittled the problem down to a really bizarre problem.

Basically, I can't have the words "hentai" or "pet girl" in my request parameters.

The words have to be on their own; they cannot be used in a sentence, or else I will receive 404 or 403 errors (except "pet girl", which doesn't work even on its own)

I've tried going into other x10hosting websites and doing requests with these words in the parameters, but they all work fine. It's just mine.

Additionally, I'm doing this via the Google Chrome DevTools console. Adding GET parameters in the URL bar works, but I was trying to do AJAX requests, which also fail.

Working:
upload_2019-6-25_15-35-7.png

Not working:
upload_2019-6-25_15-35-25.png

upload_2019-6-25_15-35-34.png

Is there something wrong with my x10hosting account?

P.S.
If you're curious as to why I need the words "hentai" and "pet girl", they're part of names of anime. I'm trying to create my own version of myanimelist
 
Last edited:

iplansx1

New Member
Messages
9
Reaction score
0
Points
1
I'm curious... why does your single quote ' look like ` ? Could it be relevant?
 

matthe93

New Member
Messages
11
Reaction score
1
Points
3
I'm curious... why does your single quote ' look like ` ? Could it be relevant?

it's a backtick, it can also be used to represent a string literal in JS, along with " and '

I've tried it with " and ' but the problem persists.
 

iplansx1

New Member
Messages
9
Reaction score
0
Points
1
it's a backtick, it can also be used to represent a string literal in JS, along with " and '

I've tried it with " and ' but the problem persists.
oh nice to know. Just got me curious because i use that in my sql query building to visually differentiate tables and column names from values.


having access to logs would be more helpful in this case actually. i'm also working on a page right now that gives out 503 or 500... access to the logs would be pretty handy in our situations.
 

iplansx1

New Member
Messages
9
Reaction score
0
Points
1
Anyway have you tried out just commenting out the rest of the code? echo out the data parameter you passed on to the page first. just to check if the problem is actually with passing the parameters or the processing of the string.
 

matthe93

New Member
Messages
11
Reaction score
1
Points
3
Anyway have you tried out just commenting out the rest of the code? echo out the data parameter you passed on to the page first. just to check if the problem is actually with passing the parameters or the processing of the string.

well, the parameters without the two words work fine, and the request also works when there are no parameters, so commenting out the data parameter works
 

caftpx10

Well-Known Member
Messages
1,534
Reaction score
114
Points
63
mod_security2 is in place, so there may be a rule that is preventing such words (spam-related)
 

matthe93

New Member
Messages
11
Reaction score
1
Points
3
mod_security2 is in place, so there may be a rule that is preventing such words (spam-related)

I thought mod_security was about preventing threats and stuff; how can filtering words achieve that goal?

Also, is there any way to circumvent this or is it paid only (I read somewhere that free users can't touch any security settings x10hosting puts in place)
 

caftpx10

Well-Known Member
Messages
1,534
Reaction score
114
Points
63
One of the rules used is to block keywords to do with drugs, as there would typically be spam regarding that. Yes, in this case, there is no mention of such things. However, it does sound as if there is a rule in place looking for the words you had pointed out.

When it does 403, your main page is put out rather than a message saying something along the lines of 'forbidden'.
DoMXpov.png


It used to be so that rule exceptions could be made on a per-account basis if it is proving to be an issue but these days I am not seeing anyone with high enough access continuing to do that.
X10Premium, their paid offering (very different compared to here), allows the ability to disable mod_security.

It is possible to get around the rule, but it will involve a bit of JavaScript and server-side processing.
 
Last edited:

matthe93

New Member
Messages
11
Reaction score
1
Points
3
One of the rules used is to block keywords to do with drugs, as there would typically be spam regarding that. Yes, in this case, there is no mention of such things. However, it does sound as if there is a rule in place looking for the words you had pointed out.

When it does 403, your main page is put out rather than a message saying something along the lines of 'forbidden'.
DoMXpov.png


It used to be so that rule exceptions could be made on a per-account basis if it is proving to be an issue but these days I am not seeing anyone with high enough access continuing to do that.
X10Premium, their paid offering (very different compared to here), allows the ability to disable mod_security.

It is possible to get around the rule, but it will involve a bit of JavaScript and server-side processing.

Hmm I see, yeah I could fix it programmatically but it seems hacky and it would only exist because of this server's rules. In the end I just used heroku :p

But thanks for giving it a try on your end and responding :) Much appreciated
 
Status
Not open for further replies.
Top