Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 6 replies
  • Answers 2 answers
  • Subscribers 40 subscribers
  • Views 5036 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

WAF error "ModSecurity: Request body no files data...."

Regex

Hello,

Im hosting for myself some things. One of it is PingVin-Share which is behind WAF on XG. I was trying to upload a file abut 10mb... But im getting an error.

So i went to console -> advanced shell logs are below:

[Sun May 14 20:00:11.856339 2023] [security2:error] [pid 28988:tid 140455144576768] [client 31.0.182.76:2339] [client 31.0.182.76] ModSecurity: Request body no files data length is larger than the configured limit (1048576).. Deny with code (413) [hostname "SOME_FQDN"] [uri "/api/shares/gwMzU0N/files"] [unique_id "ZGE9yij5BYAMKO88rwko5wAAAAI"], referer: https://FQDN/upload
[Sun May 14 20:00:10.955261 2023] timestamp="1684094410" srcip="31.0.182.76" localip="SOME_IP" user="-" method="POST" statuscode="413" reason="-" extra="-" exceptions="-" duration="901310" url="/api/shares/gwMzU0N/files" server="SOME_FQDN" referer="">">">https://FQDN/upload"

i was digging on forum and there is some solution but im a little bit confused to apply it, and this isnt even permanently solution... Its been about 3 years, and nothing has change to that problem ;)

I manage to make it work - i just made a path exception which exclude whole protection engines.. For my point for that case WAF is unusable, cuz there is no protection from OWASP etc.

community.sophos.com/.../413-request-entity-too-large



This thread was automatically locked due to age.
Parents Reply Children
  • 0 in reply to Erick Jan

    Indeed i have found this "solution" but its temporary. Infact its been over 3 years and Sophos didnt provide solution for it even for Business Slight smile I hope its gonna change soon.

    __________SETUP___________

    HP Small Form Factor:  i5 4Cores, 8Gb of RAM.
    Intel Network Card 5x Eth
    SSD: 256Gb

  • 0 in reply to Erick Jan

    Its worth to mention that after messing around with above commands, you loose ability to modyfi existing protection rules in "web server -> Protection"

    I think, that SOPHOS is aware of that WAF in XG must be rebuild/repaird. Maybe this is gonna be a start(a must):

    www.trustwave.com/.../

    __________SETUP___________

    HP Small Form Factor:  i5 4Cores, 8Gb of RAM.
    Intel Network Card 5x Eth
    SSD: 256Gb

  • 0 in reply to Erick Jan

    Hi Erick Jan,

    is there any solution for the problem with "ModSecurity: Request body no files data length is larger than the configured limit"?

    We have transfer errors to our web server and waf. The size limit is 1048576, but partially the data can be transferred although it is more than 1 MB.

    Thanks.

    Bernd

  • 0 in reply to Regex

    Hello,

    This was a bug that has been fixed in 19.0 MR2 and 19.5 MR1. It was not related to changes made to the configuration through the database, but it was triggered when you tried to change the protection policy over the UI after it has been assigned to a WAF rule.

    Best regards,

    Attila Kovacs

  • 0 in reply to WBG

    Hello,

    The recommended solution is to tweak sec_request_body_no_files_limit as mentioned above. This value is for a single request, so whether or not a transfer succeeds depends on the way the backend application handles the transfer. It it uses chunked transfers, larger sizes can be transferred successfully as long as the chunk size is under the set limit. If the transfer happens in a single request, then the maximum file size is the one you configure.

    Best regards,

    Attila Kovacs

Unfiltered HTML