
Comments (12)

brenosilva commented on May 21, 2024

Hello,

Please send me the HTTP POST request. I would like to reproduce it. Also send me your modsecurity.conf and modsecurity debug log level 9.

Thanks

from modsecurity.

thaeli commented on May 21, 2024

Do you have an upstream block defined? I think this is a vanilla nginx error, not mod_security related. Try this config:

upstream myserver {
    server 111.111.111.111;
}
server {
    listen 80;
    server_name www.xxxx.co;
    location / {
        ModSecurityEnabled on;
        ModSecurityConfig modsecurity.conf;
        proxy_pass http://myserver/;
        proxy_set_header Host www.xxxx.co;
        proxy_read_timeout 180s;
    }
    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root html;
    }
}

brenosilva commented on May 21, 2024

Yes. Just did it now. Looks fine.
Please send me more details about your POST, then I can try to reproduce it.

thaeli commented on May 21, 2024

Ah, sorry for any confusion. I think the OP in this thread doesn't have an upstream config block, and it is not a ModSecurity error at all but rather a nginx configuration issue. I would suggest that they retest with an upstream block defined ahead of the server block; that should resolve the issue.

On Jun 14, 2013, at 12:16 PM, Breno Silva [email protected] wrote:

Yes. Just did it now. Looks fine.
Please send me more details about your POST then i can try reproduce it.


brenosilva commented on May 21, 2024

Right. So can I close this ticket?

thaeli commented on May 21, 2024

I think so, yes.

On Jun 14, 2013, at 12:37 PM, Breno Silva [email protected] wrote:

Right. So can i close this ticket ?


AndyBowes commented on May 21, 2024

I am getting the same issue with the same versions of Nginx & ModSecurity.

I have got an upstream block in my configuration immediately before the server block. The application works as expected when the SecRequestBodyAccess is turned Off but gets the 'no upstream configuration' error if I turn this property on. This seems to indicate that my Nginx configuration is correct and that the problem is being caused only when the request body is being checked by ModSecurity.

brenosilva commented on May 21, 2024

@chaizhenhua not sure if it could be related to module order loading or an arch issue. Any idea?
I cannot reproduce the issue.

AndyBowes commented on May 21, 2024

Could it be related to the options that we are using to build Nginx with the ModSecurity module or to folder permissions assigned to the nginx user?

We are building ModSecurity from the tarball with './configure --enable-standalone-module'

We are then adding this module to nginx with the following configuration params:

    ./configure \
        --sbin-path=/usr/sbin/nginx --conf-path=/etc/nginx/nginx.conf --pid-path=/var/run/nginx.pid --lock-path=/var/lock/nginx.lock \
        --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/access.log \
        --user=nginx --group=spineii-applications --without-mail_pop3_module --without-mail_imap_module --with-debug \
        --without-mail_smtp_module --without-http_fastcgi_module --without-http_uwsgi_module --without-http_scgi_module \
        --without-http_memcached_module --with-ipv6 --with-http_ssl_module --with-http_stub_status_module --with-http_gzip_static_module \
        --add-module=/var/lib/modsecurity/modsecurity-apache_2.7.4/nginx/modsecurity

Hope this helps
Andy

chaizhenhua commented on May 21, 2024

@miwoow can you remove the trailing '/' in proxy_pass http://111.111.111.111:80/; and test again?

cutnpaster commented on May 21, 2024

Hi, I'm running into this error too. It doesn't matter if proxy_pass is set or if an upstream block is defined. It happens on any POST request if SecRequestBodyAccess is enabled.

Here is a debug capture of the request http://bpaste.net/show/8nFOEuSGjsQL4uwTEGyR/
Here is modsec_debug http://bpaste.net/show/ecFlV2LlbW0RFYBAkgt2/
#140 sounds like a dupe.
Edit: Is #69 related? Or this? https://www.modsecurity.org/tracker/browse/MODSEC-390

For testing, I stripped down modsecurity.conf from the owasp-crs rules.
SecRuleEngine DetectionOnly
SecGeoLookupDb /usr/share/GeoIP/GeoIP.dat
SecDataDir /var/cache/modsecurity
SecRequestBodyAccess On
SecRequestBodyLimit 13107200
SecRequestBodyNoFilesLimit 131072
SecResponseBodyMimeType text/plain text/html text/xml
SecRequestBodyInMemoryLimit 131072
SecRequestBodyLimitAction ProcessPartial
SecPcreMatchLimit 1000
SecPcreMatchLimitRecursion 1000
SecTmpDir /var/cache/modsecurity
SecDebugLog /var/log/nginx/modsec_debug.log
SecDebugLogLevel 9
SecAuditEngine RelevantOnly
SecAuditLogRelevantStatus "^(?:5|4(?!04))"
SecAuditLogParts ABIJDEFHZ
SecAuditLogType concurrent
SecAuditLog /var/log/nginx/modsec_audit.log
SecAuditLogStorageDir /var/log/nginx/audit
SecArgumentSeparator &
SecCookieFormat 0
SecComponentSignature "OWASP_CRS/2.2.7"
SecDefaultAction "phase:2,deny,log"

jinri commented on May 21, 2024

I am getting the same issue with the same versions of Nginx-1.8.1 & ModSecurity.nginx_refactoring.
Anyone have an idea how to solve this problem?
