Fehler beim Hochladen, Statuscode 413

Support intro

Sorry to hear you’re facing problems. :slightly_frowning_face:

The community help forum is for home and non-enterprise users. Support is provided by other community members on a best effort / “as available” basis. All of those responding are volunteering their time to help you.

If you’re using Nextcloud in a business/critical setting, paid and SLA-based support services can be accessed via portal.nextcloud.com where Nextcloud engineers can help ensure your business keeps running smoothly.

Getting help

In order to help you as efficiently (and quickly!) as possible, please fill in as much of the below requested information as you can.

Before clicking submit: Please check if your query is already addressed via the following resources:

(Utilizing these existing resources is typically faster. It also helps reduce the load on our generous volunteers while elevating the signal to noise ratio of the forums otherwise arising from the same queries being posted repeatedly).

Some or all of the below information will be requested if it isn’t supplied; for fastest response please provide as much as you can. :heart:

The Basics

  • Nextcloud Server version (e.g., 29.x.x):
    • $OC_Version = array(31,0,7,1);
  • Operating system and version (e.g., Ubuntu 24.04):
    • VM, Linux rlx4 5.15.0-91-generic #101~20.04.1-Ubuntu SMP Thu Nov 16 14:22:28 UTC 2023 x86_64
  • Web server and version (e.g, Apache 2.4.25):
    • nginx, version unknown, shared server from provider
  • Reverse proxy and version _(e.g. nginx 1.27.2)
    • unknown
  • PHP version (e.g, 8.3):
    • 8.4.10
  • Is this the first time you’ve seen this error? (Yes / No):
    • Yes
  • When did this problem seem to first start?
    • After Installation
  • Installation method (e.g. AlO, NCP, Bare Metal/Archive, etc.)
    • Softaculous
  • Are you using CloudfIare, mod_security, or similar? (Yes / No)
    • not as far as I know

Summary of the issue you are facing:

Problem occur using the web interface:

Uploading PDF or JPG ca. > 1 MB fails with message “Fehler beim Hochladen, Statuscode 413”.
Uploading a jpg with 607 KB was OK.
An INDD with 2 MB could also be uploaded without problems.

Steps to replicate it (hint: details matter!):

  1. Open URL, Login in, Go to folder “Documents”
  2. Drag and drop a jpg with 1.2 MB from OSX Finder to Safari (or Firefox) Nextcloud page, upload box.
  3. Error occurred each time.

Log entries

The server log/nextcloud folder is empty

Nextcloud

Please provide the log entries from your Nextcloud log that are generated during the time of problem (via the Copy raw option from Administration settings->Logging screen or from your nextcloud.log located in your data directory). Feel free to use a pastebin/gist service if necessary.

The server log/nextcloud folder is empty

Web Browser

If the problem is related to the Web interface, open your browser inspector Console and Network tabs while refreshing (reloading) and reproducing the problem. Provide any relevant output/errors here that appear.

[Warning] [WARN] viewer: Some mimes were ignored because they are not enabled in the server previews config (viewerAction-DnNjjbfw.chunk.mjs, line 5)
Object

app: "viewer"

ignoredMimes: ["image/heic", "image/heif", "image/tiff", "image/emf"] (4)

level: 2

uid: "User"

Object Prototyp


[Error] Failed to load resource: the server responded with a status of 413 () (Schwarz_7_8_.jpg, line 0)


[Error] [ERROR] @nextcloud/upload: Failed uploading Schwarz_7_8_.jpg – {app: "@nextcloud/upload", uid: "User", level: 2, …}
{app: "@nextcloud/upload", uid: "User", level: 2, error: r, file: File, …}Object
	log (core-common.js:1:1993255)
	error (core-common.js:1:1993575)
	(anonyme Funktion) (files-main.js:1:580980)


[Error] [ERROR] files: Error while uploading files
Object

app: "files"

errors: [{status: "rejected", reason: "Das Hochladen der Datei ist fehlgeschlagen"}] (1)

level: 2

uid: "User"

Object Prototyp
	log (core-common.js:1:1993255)
	error (core-common.js:1:1993575)
	(anonyme Funktion) (files-main.js:1:155644)

Web server / Reverse Proxy

The output of your Apache/nginx/system log in /var/log/____:

PASTE HERE

Configuration

Nextcloud

The output of occ config:list system or similar is best, but, if not possible, the contents of your config.php file from /path/to/nextcloud is fine (make sure to remove any identifiable information!):

<?php
$CONFIG = array (
  'instanceid' => 'xxx...xxx',
  'passwordsalt' => 'xxx...xxx',
  'secret' => 'xxx...xxx',
  'trusted_domains' => 
  array (
    0 => 'nextcloud.mydomain.ch',
  ),
  'datadirectory' => '/var/www/vhosts/web123.provider.ch/private/nextclouddata',
  'dbtype' => 'mysql',
  'version' => '31.0.7.1',
  'overwrite.cli.url' => 'https://nextcloud.mydomain.ch',
  'dbname' => 'db_nextcld',
  'dbhost' => 'localhost',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'dbuser' => 'db_nextcld',
  'dbpassword' => '------',
  'installed' => true,
  'mysql.utf8mb4' => true,
  'mail_from_address' => 'info',
  'mail_smtpmode' => 'smtp',
  'mail_sendmailmode' => 'smtp',
  'mail_domain' => 'mydomain.ch',
);

Apps

The output of occ app:list (if possible).

Tips for increasing the likelihood of a response

  • Use the preformatted text formatting option in the editor for all log entries and configuration output.
  • If screenshots are useful, feel free to include them.
    • If possible, also include key error output in text form so it can be searched for.
  • Try to edit log output only minimally (if at all) so that it can be ran through analyzers / formatters by those trying to help you.

For the upload size, there are different parts that can control this, mostly webserver (and proxies if used) and php. For hosted environment, sometimes they let you modify the php configuration a bit.

In php config in the plesk configuration tool of my hosting provider, I have already set:

  • memory_limt = 1024M
  • max_execution_time = 3600
  • max_input_time = 3600
  • post_max_size = 1024M
  • upload_max_size = 256M

And from my understanding, 1.2 MB ist not that big …

What also makes me wonder, why can I upload a 2MB Indesign document, but fail on a less sized jpg or pdf

OK, found 2 errors somewhere in logs:

  1. APACHE error:
ModSecurity: Warning. Match of "pmFromFile userdata_wl_content_type" against "TX:0" required. [file "[/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf](mydomain.ch:8443/smb/file-manager/code-editor?currentDir=%2Fhttpdocs%2Fnextcloud%2Fetc%2Fapache2%2Fmodsecurity.d%2Frules%2Fcomodo_free&subscriptionId=1666&file=10_HTTP_HTTP.conf&redirect=%2Fsmb%2Flog-file%2Fbrowser%2Fid%2F5627)"] [line "17"] [id "210710"] [rev "5"] [msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type. nextcloud.mydomain.ch F 2"] [data "TX:0=image/jpeg"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "nextcloud.mydomain.ch"] [uri "[/remote.php/dav/files/Helga/Kunst/2025_Flex_klein/Schwarz_7_8_.jpg](https://mydomain.ch:8443/smb/file-manager/code-editor?currentDir=%2Fhttpdocs%2Fnextcloud%2Fremote.php%2Fdav%2Ffiles%2FHelga%2FKunst%2F2025_Flex_klein&subscriptionId=1666&file=Schwarz_7_8_.jpg&redirect=%2Fsmb%2Flog-file%2Fbrowser%2Fid%2F5627)"] [unique_id "aIyFaci6bY7oA7RvqsOFegAAAA8"]
  1. APACHE error
ModSecurity: Request body no files data length is larger than the configured limit (1048576).. Deny with code (413) [hostname "nextcloud.mydomain.ch"] [uri "[/remote.php/dav/files/Helga/Kunst/2025_Flex_klein/Schwarz_7_8_.jpg](mydomain.ch:8443/smb/file-manager/code-editor?currentDir=%2Fhttpdocs%2Fnextcloud%2Fremote.php%2Fdav%2Ffiles%2FHelga%2FKunst%2F2025_Flex_klein&subscriptionId=1666&file=Schwarz_7_8_.jpg&redirect=%2Fsmb%2Flog-file%2Fbrowser%2Fid%2F5627)"] [unique_id "aIyFaci6bY7oA7RvqsOFegAAAA8"]

In regards to 1: there is no etc folder in my http docs/nextcloud folder and I do not have any access to apache config. As small jpg files are uploaded correctly, I assume it is not related to the jpg.

In regards to 2), what I have been able to configure is much more than 1 MB, that error still occurs. So I need to go in contact with my provider.

You initially answered “not as far as I know” to the question about mod_security, but mod_security is installed and active! Even worse, COMODO WAF is installed on your host!

Comodo is a company that has grown into a big player in the security space (primarily through certificates, later security software).

They provide a rule-based Web Application Firewall (WAF) for ModSecurity.

These are essentially large rule sets that check for suspicious patterns in HTTP traffic (SQL injection, XSS, invalid headers/content types, etc.).

These rules can be very aggressive → many false positives, especially in applications like Nextcloud that heavily utilize uploads, WebDAV, CalDAV/CardDAV.

Comodo once offered the “Free ModSecurity Ruleset,” which was often enabled by default in hosting packages and in Plesk or cPanel. That’s why you often come across messages like:

COMODO WAF: Request content type is not allowed by policy

In short:

  • ModSecurity = the engine
  • Comodo WAF = a rule set for it
  • CRS (OWASP Core Rule Set) = the more well-known alternative rule set

Many admins immediately remove Comodo rules because they often block Nextcloud, OwnCloud, WordPress, etc. without offering any real added value.


Here your log messages explained:

  1. COMODO WAF Content-Type Block
Match of "pmFromFile userdata_wl_content_type" against "TX:0" required.
[file "...10_HTTP_HTTP.conf"] [line "17"] [id "210710"]
[msg "COMODO WAF: Request content type is not allowed by policy. Please update file userdata_wl_content_type."]
[data "TX:0=image/jpeg"]

Meaning:

Comodo WAF rule 210710 only allows certain content types.

Your request came with content type: image/jpeg.

This is not whitelisted in the userdata_wl_content_type file → is therefore considered “not allowed.”

Solution:
If you want to allow JPEG uploads (which is normal with Nextcloud), you need to add image/jpeg to the whitelist, i.e., to the userdata_wl_content_type file (located somewhere in the ModSecurity or Comodo folder, usually /etc/apache2/modsecurity.d/rules/comodo_free/ or userdata_wl_content_type directly).


  1. Request Body Too Large
Request body no files data length is larger than the configured limit (1048576)..
Deny with code (413)

Meaning:

ModSecurity has a default limit of 1 MB (1048576 bytes) for the request body (i.e., uploads, POST data).

Your uploaded file is larger → ModSecurity blocks with HTTP 413 Payload Too Large.

Solution:
In your ModSecurity configuration (e.g., modsecurity.conf or modsecurity_crs_10_setup.conf), you need to increase these parameters:

SecRequestBodyLimit 104857600
SecRequestBodyNoFilesLimit 131072
SecRequestBodyInMemoryLimit 131072

SecRequestBodyLimit → maximum size for request bodies with files (e.g., 100 MB).

SecRequestBodyNoFilesLimit → maximum size for pure POST data without files (default is often 1 MB, you can increase this to 128k or 1M).

SecRequestBodyInMemoryLimit → how much of this can end up in RAM (the rest goes to tmp files).

Summary:

  • JPEG not whitelisted → add image/jpeg to userdata_wl_content_type.
  • Upload too large → adjust SecRequestBodyLimit (e.g., to 100 MB for Nextcloud).

Or simply disable mod_security if you don’t understand how it works and it looks to dificult:

sudo a2dismod security2
sudo apachectl reload

h.t.h.


Much and good luck,
ernolf

1 Like

Thanks a lot
I will check with my provider on Monday.

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.