ModSecurity: Multipart parsing error: Multipart: Failed to create file: /root/tmp/

mod-security-failed-create-file-root-tmp

We rebuild the Apache with modsecurity 2.7.3 on one of the server. But for some reason all file uploads to the server started failing with “500 Internal Server Error”. And below errors started showing up in the logs on each file upload.

[Sat Jun 14 15:04:09 2014] [error] [client xx.xx.xx.xx] ModSecurity: Multipart parsing error: Multipart: Failed to create file: /root/tmp/20140614-150409-U5vXyWcOy2QAB8KdxMEAAAAJ-file-QqYAdi [hostname "domain.com"] [uri "/upload.php"] [unique_id "U5vXyWcOy2QAB8KdxMEAAAAJ"]

On looking at the error closely you will see that for some reason ModSecurity is using /root/tmp for temp data to process requests, but it cannot write there. I will not advise anyone giving Apache write access to /root. Instead we can change the upload file path setting in modsecurity. You can add below lines to Apache/ModSecurity configuration file to change the temp directory path.

SecUploadDir /tmp
SecTmpDir /tmp
SecDataDir /tmp
SecRequestBodyAccess On

About 

Sreejit is the founder of Server Management Plus. His motto is "If there's an easier way, Why do it any other way" and following it, he has created a lots of automation scripts for the company using which we are able to resolve issue at an extremely fast rate and save lots of time. He has a very keen interest in new technologies and spend most of his free time online researching about it apart from listening music and watching movies.

1 thought on “ModSecurity: Multipart parsing error: Multipart: Failed to create file: /root/tmp/”

Comments are closed.