Apache 413 Request Entity Too Large: Fixing File Upload Failures With LimitRequestBody And PHP Configuration
Apache 413 Request Entity Too Large: Quick Fix Reference
The 413 error means Apache is rejecting your upload before it even hits PHP. Here's exactly what to change and where.
The Problem at a Glance
413 Request Entity Too Large
Two layers can block large uploads:
- Apache —
LimitRequestBodydirective - PHP —
upload_max_filesizeandpost_max_sizeini settings
Both must be configured. Fixing only one won't solve it.
Apache Configuration
Global Fix (httpd.conf or apache2.conf)
# Default is 0 (unlimited) — but distros often set it low
LimitRequestBody 104857600
# 104857600 bytes = 100MB
Virtual Host Fix (Recommended)
<VirtualHost *:80>
ServerName uploads.example.com
DocumentRoot /var/www/html
# Allow up to 100MB uploads
LimitRequestBody 104857600
</VirtualHost>
Directory-Level Fix
<Directory "/var/www/html/uploads">
LimitRequestBody 52428800
# 52428800 = 50MB
</Directory>
.htaccess Fix (if AllowOverride is enabled)
LimitRequestBody 104857600
Common Size Reference
| Size | Bytes |
|---|---|
| 10MB | 10485760 |
| 50MB | 52428800 |
| 100MB | 104857600 |
| 256MB | 268435456 |
| 512MB | 536870912 |
PHP Configuration
php.ini Settings
; File must be smaller than this — set FIRST
upload_max_filesize = 100M
; POST body limit — must be LARGER than upload_max_filesize
post_max_size = 128M
; Max time a script runs (increase for large uploads)
max_execution_time = 300
; Max time waiting for data
max_input_time = 300
; Memory limit — should be >= post_max_size
memory_limit = 256M
Rule of thumb:
memory_limit>post_max_size>upload_max_filesize
Find Your Active php.ini
php --ini | grep "Loaded Configuration"
# or
php -r "echo php_ini_loaded_file();"
Override Per Virtual Host (php_admin_value)
<VirtualHost *:80>
ServerName uploads.example.com
php_admin_value upload_max_filesize 100M
php_admin_value post_max_size 128M
php_admin_value memory_limit 256M
php_admin_value max_execution_time 300
</VirtualHost>
Note:
php_admin_valueonly works withmod_php. For PHP-FPM, edit the pool'sphp.inior usephp_admin_valuein the FPM pool config.
PHP-FPM Pool Override
; /etc/php/8.1/fpm/pool.d/www.conf
php_admin_value[upload_max_filesize] = 100M
php_admin_value[post_max_size] = 128M
php_admin_value[memory_limit] = 256M
php_admin_value[max_execution_time] = 300
Nginx Proxy in Front of Apache?
If Apache sits behind Nginx, Nginx will reject the request first.
# nginx.conf or server block
client_max_body_size 100M;
Apply Changes
# Test Apache config before reloading
apachectl configtest
# or
apache2ctl -t
# Reload Apache (no downtime)
sudo systemctl reload apache2 # Debian/Ubuntu
sudo systemctl reload httpd # RHEL/CentOS
# Restart PHP-FPM if you changed pool config
sudo systemctl restart php8.1-fpm
Verify Your Settings Are Active
<?php
// Drop this in a temp file to verify — delete after!
echo 'upload_max_filesize: ' . ini_get('upload_max_filesize') . "\n";
echo 'post_max_size: ' . ini_get('post_max_size') . "\n";
echo 'memory_limit: ' . ini_get('memory_limit') . "\n";
echo 'max_execution_time: ' . ini_get('max_execution_time') . "\n";
# Check Apache LimitRequestBody is parsed
apachectl -S 2>&1 | grep -i limit
Quick Diagnostic Checklist
- Is
LimitRequestBodyset in the right context (VirtualHost/Directory)? - Is
upload_max_filesizeset correctly in the active php.ini? - Is
post_max_sizegreater thanupload_max_filesize? - Is
memory_limitgreater thanpost_max_size? - Did you reload Apache and restart PHP-FPM after changes?
- Is Nginx (or another proxy) in front with its own body size limit?
- Are you testing with a hard reload (bypass browser cache)?
The One-Liner Sanity Check
curl -X POST https://yourdomain.com/upload \
-F "file=@/tmp/testfile.bin" \
-w "\nHTTP Status: %{http_code}\n" \
--max-time 60
If you still get 413 after all of the above, check your CDN or WAF — Cloudflare's free plan caps uploads at 100MB by default.
Was this article helpful?
SRE & Observability Engineer
If it's not measured, it doesn't exist. SLO-driven, metrics-obsessed, and the person who gets paged at 3 AM so you don't have to. Observability isn't optional.
Related Articles
Apache 301 Redirect Loop: Diagnosing And Fixing Infinite Redirect Chains In VirtualHost And .htaccess Configurations
Few things are more frustrating than deploying what you think is a clean redirect configuration, only to have your browser throw an `ERR_TOO_MANY_REDIRECTS...
Apache 500 Internal Server Error: Diagnosing .htaccess Syntax Failures And Module Conflicts Step By Step
If you've been running web infrastructure long enough, you know the 500 Internal Server Error is Apache's way of saying "something's broken, and I'm not go...
Apache 403 Forbidden Error After Directory Permissions Fix: Troubleshooting SELinux And File Contexts
You've just spent an hour wrestling with Apache file permissions, carefully setting ownership to `apache:apache` and permissions to `755` on your directori...
Fix Apache 'AH00558: Could not reliably determine server's FQDN'
Resolve the Apache AH00558 warning about not being able to determine the server's fully qualified domain name by setting ServerName correctly.
Fix Apache mod_rewrite Not Working
Diagnose and fix Apache mod_rewrite rules not being applied, covering module loading, AllowOverride settings, .htaccess issues, and rewrite logging.
Apache Mod_security WAF Rules For OWASP Top 10 Protection
If you're running Apache in production without a Web Application Firewall, you're essentially leaving your front door unlocked. mod_security is the industr...
More in Apache
View all →Apache Mod_status Real-Time Server Monitoring With Grafana And Prometheus Integration
Monitoring Apache without proper observability tooling is like flying blind. You might catch a problem after your users start complaining, but by then, you...
Apache Performance Tuning: MPM, KeepAlive, and Caching
Tune Apache performance by choosing the right MPM, configuring KeepAlive correctly, and enabling mod_cache for significant throughput gains.
Apache as a Reverse Proxy: mod_proxy Configuration Guide
Configure Apache as a reverse proxy using mod_proxy to route traffic to backend applications with load balancing and health checks.
Apache SSL/TLS Hardening: Get an A+ on SSL Labs
Harden Apache SSL/TLS configuration to achieve an A+ rating on Qualys SSL Labs with modern cipher suites and security headers.