Joomla! Forum - community, help and support

Joomla! Community, help and support.
https://forum.joomla.org/

package upload error after enabeling https

https://forum.joomla.org/viewtopic.php?f=431&t=501208

Page 1 of 1

package upload error after enabeling https

Posted: Wed Mar 24, 2010 10:56 am
by camelopardalis
I have started to setup my own joomla webserver using Ubuntu 9.10 server and Joomla 1.5.15.
After the installation everything works fine using http. But before going online I wanted to secure the adminstrator part using ssl (https) in combination with a client certificate. I've configured ssl in apache (httpd.conf) and added the following lines to activate the security for the administrator:

<Directory "/joomla/htdocs/administrator">
SSLRequireSSL
SSLVerifyClient require
</Directory>

After restarting apache the administrator site is protected. However trying to upload templates
using the extension manager "Upload Package File" results in the following error

Request Entity Too Large.
The requested resource /administrator/index.php does not allow request data with POST requests, or the amount of data provided in the request exceeds the capacity limit.

Does anyone have a clue?

Re: package upload error after enabeling https

Posted: Wed Mar 24, 2010 1:14 pm
by fw116
http://www.vanemery.com/Linux/Apache/apache-SSL.html

Re: package upload error after enabeling https

Posted: Thu Mar 25, 2010 5:28 am
by camelopardalis
Thank you for the swift response. I was probably not clear enough. In actuallly did install the certificates following the procedures described by vanemery. The admin website works fine under https. I've also protected myPhpAdmin with ssl and this also works fine. The only thing that doesn't work is uploading files. Uploading packages using the extension manager as well as uploading images using the media manager gives the same error. Is there a restriction that prevents file upload using https?

Re: package upload error after enabeling https

Posted: Thu Mar 25, 2010 8:10 am
by camelopardalis
Checking the apache error log revealed the following error messages :

request body exceeds maximum size (131072) for SSL buffer
could not buffer message body to allow SSL renegotiation to proceed

Uploading files less than this max size worked fine.
Browsing around in the apache community I found the cause is a SSL handshake buffer that is intentionally limited in size to prohibit deny of service attacks. This is solved in apache 2.2.12 up by introducing the SSLRenegBufferSize directive. Fortunately I am using 2.2.14 so adding this directive with a 10M limit solved the issue:

<Directory "/opt/lampstack-1.2-1/apps/joomla/htdocs/administrator">
SSLRequireSSL
SSLVerifyClient require
SSLRenegBufferSize 10486000
</Directory>

Nice joining the Joomla community!!
All times are UTC
Page 1 of 1
Powered by phpBB® Forum Software © phpBB Limited
https://www.phpbb.com/