Re: [mod-security-users] Nginx - Unable to find upstream config after checking Request Body
From: Andy B. <and...@gm...> - 2013-07-01 13:37:19
We are using ModSecurity 2.7.4 & nginx 1.4.1.

We are building ModSecurity from the tarball with './configure --enable-standalone-module'.

We are then adding this module to nginx with the following configuration params:

configure --sbin-path=/usr/sbin/nginx
    --conf-path=/etc/nginx/nginx.conf
    --pid-path=/var/run/nginx.pid
    --lock-path=/var/lock/nginx.lock
    --error-log-path=/var/log/nginx/error.log
    --http-log-path=/var/log/access.log
    --user=nginx
    --group=spineii-applications
    --without-mail_pop3_module
    --without-mail_imap_module
    --with-debug
    --without-mail_smtp_module
    --without-http_fastcgi_module
    --without-http_uwsgi_module
    --without-http_scgi_module
    --without-http_memcached_module
    --with-ipv6
    --with-http_ssl_module
    --with-http_stub_status_module
    --with-http_gzip_static_module
    --add-module=/var/lib/modsecurity/modsecurity-apache_2.7.4/nginx/modsecurity

I am not sure that the issue is the same as MODSEC-390, as the POSTed data doesn't appear to be stripped from the request, just that Nginx fails to forward a validated request to the defined upstream server.

Thanks
Andy

On Mon, Jul 1, 2013 at 2:27 PM, Jose Pablo Valcárcel Lázaro <pab...@gm...> wrote:

> Then I don't know if there is a bug with the issue you have mentioned:
> https://www.modsecurity.org/tracker/browse/MODSEC-390
>
> Which version of mod_security are you using?
>
> Kind regards,
>
> 2013/7/1 Andy Bowes <and...@gm...>
>
>> Hi Jose
>>
>> Thanks for the answer but it doesn't look like the same issue. We are
>> not seeing any errors/warnings about the content length in the log files
>> and I don't really want to allow request bodies of ~10Mb to be held in
>> memory.
>>
>> Regards
>> Andy
>>
>> On Mon, Jul 1, 2013 at 12:55 PM, Jose Pablo Valcárcel Lázaro <
>> pab...@gm...> wrote:
>>
>>> Hi there!!
>>>
>>> Fortunately I found the same error some time ago:
>>>
>>> [client X.X.X.X] ModSecurity: Request body (Content-Length)
>>> is larger than the configured limit (131072). Deny with status (413)
>>> [hostname "www.mydomain.com"] [uri "/xxx/xxx/web.php"] [unique_id
>>> "Whatever"]
>>>
>>> I solved it with the following steps:
>>>
>>> # Maximum request body size we will
>>> # accept for buffering
>>> #####SecRequestBodyLimit 131072
>>> SecRequestBodyLimit 10485760
>>>
>>> # Store up to 128 KB in memory
>>> #####SecRequestBodyInMemoryLimit 131072
>>> SecRequestBodyInMemoryLimit 10485760
>>>
>>> # Buffer response bodies of up to
>>> # 512 KB in length
>>> #####SecResponseBodyLimit 524288
>>> SecResponseBodyLimit 10485760
>>>
>>> Values are in bytes. Try to raise those values in the mod_security
>>> general config.
>>>
>>> I hope this will help you.
>>>
>>> Kind Regards,
>>>
>>> 2013/7/1 Andy Bowes <and...@gm...>
>>>
>>>> Hi
>>>>
>>>> We are just starting to use ModSecurity (v2.7.4) to protect our Nginx
>>>> (v1.4.1) web apps and we are encountering an error if SecRequestBodyAccess
>>>> is turned on.
>>>>
>>>> After going through all of the rules Nginx attempts to forward to the
>>>> upstream server but it fails to find the configuration value. If
>>>> SecRequestBodyAccess is not turned on then Nginx works as expected and the
>>>> requests are forwarded to the appropriate upstream server.
>>>>
>>>> We have SecRuleEngine set to DetectionOnly and checking the modsecurity
>>>> access log seems to indicate that all of the rules checks are successful.
>>>>
>>>> Is there anything else we should be setting/checking to get ModSecurity
>>>> to handle POST requests on Nginx?
>>>>
>>>> Thanks
>>>> Andy
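
The objection in the thread to holding ~10 MB request bodies in memory can be put in numbers. The following is an added example, not code from the thread or from the ModSecurity project: it parses the body-limit directives quoted above and estimates worst-case request-body buffering. The function names, the 200-request concurrency figure and the second sample config are assumptions made for illustration.

```python
import re

# Directives from the thread whose argument is a byte count.
SIZE_DIRECTIVES = ("SecRequestBodyLimit", "SecRequestBodyInMemoryLimit",
                   "SecResponseBodyLimit")
DEFAULT_IN_MEMORY = 131072  # stock value shown commented out in the thread

# Config as suggested in the thread, including its commented-out originals.
SUGGESTED = """
#####SecRequestBodyLimit 131072
SecRequestBodyLimit 10485760
#####SecRequestBodyInMemoryLimit 131072
SecRequestBodyInMemoryLimit 10485760
SecResponseBodyLimit 10485760
"""

# Constructed alternative: accept large bodies, keep the in-memory cap at stock.
ALTERNATIVE = """
SecRequestBodyLimit 10485760
SecRequestBodyInMemoryLimit 131072
"""


def parse_limits(conf_text):
    """Return {directive: bytes}; commented-out lines are ignored, last wins."""
    limits = {}
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"(\w+)\s+(\d+)\s*(?:#.*)?$", line)
        if m and m.group(1) in SIZE_DIRECTIVES:
            limits[m.group(1)] = int(m.group(2))
    return limits


def audit(conf_text, concurrent_requests=200):
    """Return (worst_case_ram_bytes, findings) for request-body buffering."""
    limits = parse_limits(conf_text)
    in_mem = limits.get("SecRequestBodyInMemoryLimit", DEFAULT_IN_MEMORY)
    body = limits.get("SecRequestBodyLimit", in_mem)
    findings = []
    if in_mem >= body:
        findings.append("every accepted request body may be held fully in memory")
    if in_mem > DEFAULT_IN_MEMORY:
        findings.append("in-memory limit raised %dx over the stock %d bytes"
                        % (in_mem // DEFAULT_IN_MEMORY, DEFAULT_IN_MEMORY))
    # A body is never buffered past the smaller of the two limits.
    return min(in_mem, body) * concurrent_requests, findings
```
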