Hi,

i assume you have set SecDataDir, SecTmpDir, SecUploadDir to /var/log/mlogc .
If this directory is not writable by the apache user then the request will be blocked with a HTTP Code 400.

Best Regards
Michael



2014-03-17 18:06 GMT+01:00 <Bjoern.Becker@easycash.de>:
Hello,

I got two mod_security installations (version mod_security-2.7.3-2) in DetectionOnly mode. On installation in test and one in production environment.
When I upload a file with 10MB on both systems. I get the same EVENT in both systems, but in production the request is answered with a 400 only. In test environment I receive a 200.

I got exactly the same versions and configurations of mod_security on both systems. And when I understand correctly, the documentation of SecRequestBodyLimit Action will be set to ProcessPartial when DetectionOnly mode is active.

There is just one difference in the events from test to production.

Test environment:

SEVERITY_NOT_SET
        200003
Warning. Match of "eq 0" against "MULTIPART_UNMATCHED_BOUNDARY" required.
Rule-Message:
Multipart parser detected a possible unmatched boundary.

CRITICAL
        960915
Warning. Match of "eq 0" against "MULTIPART_UNMATCHED_BOUNDARY" required. [rev "1"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"]


Production environment:

SEVERITY_NOT_SET
        200003
Warning. Match of "eq 0" against "MULTIPART_UNMATCHED_BOUNDARY" required.
Rule-Message:
Multipart parser detected a possible unmatched boundary.
CRITICAL
        960915
Warning. Match of "eq 0" against "MULTIPART_UNMATCHED_BOUNDARY" required. [rev "1"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"]
Rule-Message:
Multipart parser detected a possible unmatched boundary.

SEVERITY_NOT_SET

Failed to open temporary file for reading: /var/log/mlogc/20140314-144519-UyMH7gqAPTMAADlyZCoAAAAb-request_body-6PX2op



But I really don't know why it's a problem to read the temporary mlogc file and why this may be cause that the request is answered with a 400 instead of 200.

Thanks!

Best Regards,
Bjoern



------------------------------------------------------------------------------
Learn Graph Databases - Download FREE O'Reilly Book
"Graph Databases" is the definitive new guide to graph databases and their
applications. Written by three acclaimed leaders in the field,
this first edition is now available. Download your free book today!
http://p.sf.net/sfu/13534_NeoTech
_______________________________________________
mod-security-users mailing list
mod-security-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/mod-security-users
Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs:
http://www.modsecurity.org/projects/commercial/rules/
http://www.modsecurity.org/projects/commercial/support/