Comments (12)
Hello,
please send me the http post request. I would like to reproduce it. Also send me your modsecurity.conf and modsecurity debug log level 9.
Thanks
from modsecurity.
Do you have an upstream block defined? I think this is a vanilla nginx error, not mod_security related. Try this config:
upstream myserver {
    server 111.111.111.111;
}
server {
    listen 80;
    server_name www.xxxx.co;
    location / {
        ModSecurityEnabled on;
        ModSecurityConfig modsecurity.conf;
        proxy_pass http://myserver/;
        proxy_set_header Host www.xxxx.co;
        proxy_read_timeout 180s;
    }
    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root html;
    }
}
from modsecurity.
Yes. Just did it now. Looks fine.
Please send me more details about your POST, then I can try to reproduce it.
from modsecurity.
Ah, sorry for any confusion. I think the OP in this thread doesn't have an upstream config block, and it is not a ModSecurity error at all but rather an nginx configuration issue. I would suggest that they retest with an upstream block defined ahead of the server block; that should resolve the issue.
On Jun 14, 2013, at 12:16 PM, Breno Silva [email protected] wrote:
Yes. Just did it now. Looks fine.
Please send me more details about your POST, then I can try to reproduce it.
from modsecurity.
Right. So can I close this ticket?
from modsecurity.
I think so, yes.
On Jun 14, 2013, at 12:37 PM, Breno Silva [email protected] wrote:
Right. So can I close this ticket?
from modsecurity.
I am getting the same issue with the same versions of Nginx & ModSecurity.
I have got an upstream block in my configuration immediately before the server block. The application works as expected when the SecRequestBodyAccess is turned Off but gets the 'no upstream configuration' error if I turn this property on. This seems to indicate that my Nginx configuration is correct and that the problem is being caused only when the request body is being checked by ModSecurity.
from modsecurity.
@chaizhenhua not sure if it could be related to module order loading or an arch issue. Any idea?
I cannot reproduce the issue.
from modsecurity.
Could it be related to the options that we are using to build Nginx with the ModSecurity module or to folder permissions assigned to the nginx user?
We are building ModSecurity from the tarball with './configure --enable-standalone-module'
We are then adding this module to nginx with the following configuration params:
configure
--sbin-path=/usr/sbin/nginx --conf-path=/etc/nginx/nginx.conf --pid-path=/var/run/nginx.pid --lock-path=/var/lock/nginx.lock
--error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/access.log
--user=nginx --group=spineii-applications --without-mail_pop3_module --without-mail_imap_module --with-debug
--without-mail_smtp_module --without-http_fastcgi_module --without-http_uwsgi_module --without-http_scgi_module
--without-http_memcached_module --with-ipv6 --with-http_ssl_module --with-http_stub_status_module --with-http_gzip_static_module
--add-module=/var/lib/modsecurity/modsecurity-apache_2.7.4/nginx/modsecurity
Hope this helps
Andy
from modsecurity.
@miwoow can you remove the trailing '/' in proxy_pass http://111.111.111.111:80/; and test again?
from modsecurity.
Hi, I'm running into this error too. It doesn't matter if proxy_pass is set or if an upstream block is defined. It happens on any POST request if SecRequestBodyAccess is enabled.
Here is a debug capture of the request http://bpaste.net/show/8nFOEuSGjsQL4uwTEGyR/
Here is modsec_debug http://bpaste.net/show/ecFlV2LlbW0RFYBAkgt2/
#140 sounds like a dupe.
Edit: Is #69 related? Or this? https://www.modsecurity.org/tracker/browse/MODSEC-390
For testing, I stripped down modsecurity.conf from the owasp-crs rules.
SecRuleEngine DetectionOnly
SecGeoLookupDb /usr/share/GeoIP/GeoIP.dat
SecDataDir /var/cache/modsecurity
SecRequestBodyAccess On
SecRequestBodyLimit 13107200
SecRequestBodyNoFilesLimit 131072
SecResponseBodyMimeType text/plain text/html text/xml
SecRequestBodyInMemoryLimit 131072
SecRequestBodyLimitAction ProcessPartial
SecPcreMatchLimit 1000
SecPcreMatchLimitRecursion 1000
SecTmpDir /var/cache/modsecurity
SecDebugLog /var/log/nginx/modsec_debug.log
SecDebugLogLevel 9
SecAuditEngine RelevantOnly
SecAuditLogRelevantStatus "^(?:5|4(?!04))"
SecAuditLogParts ABIJDEFHZ
SecAuditLogType concurrent
SecAuditLog /var/log/nginx/modsec_audit.log
SecAuditLogStorageDir /var/log/nginx/audit
SecArgumentSeparator &
SecCookieFormat 0
SecComponentSignature "OWASP_CRS/2.2.7"
SecDefaultAction "phase:2,deny,log"
from modsecurity.
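Added example, not part of the thread or of the ModSecurity project's code: a small Python triage script that checks whether the `no upstream configuration` entries in an nginx error log occur only on requests that carry a body, as the reports above describe. The log lines are constructed, and the line layout and `[alert]` level are assumptions about a default nginx `error_log`.

```python
import re
from collections import Counter

# Constructed sample lines in the assumed nginx error_log layout (not from the thread).
SAMPLE_LOG = """\
2013/06/14 12:16:01 [alert] 4321#0: *7 no upstream configuration, client: 192.0.2.10, server: www.example.test, request: "POST /login HTTP/1.1", host: "www.example.test"
2013/06/14 12:16:05 [error] 4321#0: *8 open() "/usr/share/nginx/html/favicon.ico" failed (2: No such file or directory), client: 192.0.2.10, server: www.example.test, request: "GET /favicon.ico HTTP/1.1", host: "www.example.test"
2013/06/14 12:17:11 [alert] 4321#0: *9 no upstream configuration, client: 192.0.2.11, server: www.example.test, request: "POST /api/items HTTP/1.1", host: "www.example.test"
"""

# timestamp, [level], pid#tid:, optional *connection id, then the message text
LINE_RE = re.compile(
    r'^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \[(?P<level>\w+)\] '
    r'\d+#\d+: (?:\*(?P<conn>\d+) )?(?P<msg>.*)$'
)
REQ_RE = re.compile(r'request: "(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*"')
BODY_METHODS = {"POST", "PUT", "PATCH"}  # methods that normally carry a request body


def find_upstream_errors(log_text):
    """Return one dict per 'no upstream configuration' entry in the log."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or "no upstream configuration" not in m["msg"]:
            continue
        req = REQ_RE.search(m["msg"])
        hits.append({
            "time": m["ts"],
            "conn": m["conn"],
            "method": req["method"] if req else None,
            "uri": req["uri"] if req else None,
        })
    return hits


def summarize(hits):
    """Count hits per method and say whether all of them carried a body."""
    by_method = Counter(h["method"] for h in hits)
    with_body = sum(n for meth, n in by_method.items() if meth in BODY_METHODS)
    return {"total": len(hits), "by_method": dict(by_method),
            "body_only": bool(hits) and with_body == len(hits)}


if __name__ == "__main__":
    print(summarize(find_upstream_errors(SAMPLE_LOG)))
```

If `body_only` is true on a real log, the pattern matches the reports in this thread that the error follows SecRequestBodyAccess rather than a missing upstream block.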
I am getting the same issue with the same versions of Nginx-1.8.1 & ModSecurity.nginx_refactoring.
Does anyone have an idea how to solve this problem?
from modsecurity.