Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

WAF error "ModSecurity: Request body no files data...."


Im hosting for myself some things. One of it is PingVin-Share which is behind WAF on XG. I was trying to upload a file abut 10mb... But im getting an error.

So i went to console -> advanced shell logs are below:

[Sun May 14 20:00:11.856339 2023] [security2:error] [pid 28988:tid 140455144576768] [client] [client] ModSecurity: Request body no files data length is larger than the configured limit (1048576).. Deny with code (413) [hostname "SOME_FQDN"] [uri "/api/shares/gwMzU0N/files"] [unique_id "ZGE9yij5BYAMKO88rwko5wAAAAI"], referer: https://FQDN/upload
[Sun May 14 20:00:10.955261 2023] timestamp="1684094410" srcip="" localip="SOME_IP" user="-" method="POST" statuscode="413" reason="-" extra="-" exceptions="-" duration="901310" url="/api/shares/gwMzU0N/files" server="SOME_FQDN" referer="">">">https://FQDN/upload"

i was digging on forum and there is some solution but im a little bit confused to apply it, and this isnt even permanently solution... Its been about 3 years, and nothing has change to that problem ;)

I manage to make it work - i just made a path exception which exclude whole protection engines.. For my point for that case WAF is unusable, cuz there is no protection from OWASP etc.

This thread was automatically locked due to age.
Parents Reply
  • Its worth to mention that after messing around with above commands, you loose ability to modyfi existing protection rules in "web server -> Protection"

    I think, that SOPHOS is aware of that WAF in XG must be rebuild/repaird. Maybe this is gonna be a start(a must):


    HP Small Form Factor:  i5 4Cores, 8Gb of RAM.
    Intel Network Card 5x Eth
    SSD: 256Gb

  • Hello,

    This was a bug that has been fixed in 19.0 MR2 and 19.5 MR1. It was not related to changes made to the configuration through the database, but it was triggered when you tried to change the protection policy over the UI after it has been assigned to a WAF rule.

    Best regards,

    Attila Kovacs