We rebuild the Apache with modsecurity 2.7.3 on one of the server. But for some reason all file uploads to the server started failing with “500 Internal Server Error”. And below errors started showing up in the logs on each file upload.
[Sat Jun 14 15:04:09 2014] [error] [client xx.xx.xx.xx] ModSecurity: Multipart parsing error: Multipart: Failed to create file: /root/tmp/20140614-150409-U5vXyWcOy2QAB8KdxMEAAAAJ-file-QqYAdi [hostname "domain.com"] [uri "/upload.php"] [unique_id "U5vXyWcOy2QAB8KdxMEAAAAJ"]
On looking at the error closely you will see that for some reason ModSecurity is using /root/tmp for temp data to process requests, but it cannot write there. I will not advise anyone giving Apache write access to /root. Instead we can change the upload file path setting in modsecurity. You can add below lines to Apache/ModSecurity configuration file to change the temp directory path.
SecUploadDir /tmp SecTmpDir /tmp SecDataDir /tmp SecRequestBodyAccess On