New Sophos Support Phone Numbers in Effect July 1st, 2023

WAF error "ModSecurity: Request body no files data...."


Im hosting for myself some things. One of it is PingVin-Share which is behind WAF on XG. I was trying to upload a file abut 10mb... But im getting an error.

So i went to console -> advanced shell logs are below:

[Sun May 14 20:00:11.856339 2023] [security2:error] [pid 28988:tid 140455144576768] [client] [client] ModSecurity: Request body no files data length is larger than the configured limit (1048576).. Deny with code (413) [hostname "SOME_FQDN"] [uri "/api/shares/gwMzU0N/files"] [unique_id "ZGE9yij5BYAMKO88rwko5wAAAAI"], referer: https://FQDN/upload
[Sun May 14 20:00:10.955261 2023] timestamp="1684094410" srcip="" localip="SOME_IP" user="-" method="POST" statuscode="413" reason="-" extra="-" exceptions="-" duration="901310" url="/api/shares/gwMzU0N/files" server="SOME_FQDN" referer="">">">https://FQDN/upload"

i was digging on forum and there is some solution but im a little bit confused to apply it, and this isnt even permanently solution... Its been about 3 years, and nothing has change to that problem ;)

I manage to make it work - i just made a path exception which exclude whole protection engines.. For my point for that case WAF is unusable, cuz there is no protection from OWASP etc.

Added TAGs
[edited by: Erick Jan at 2:23 AM (GMT -7) on 15 May 2023]