Hi Christian,
On Mon, Apr 22, 2019 at 04:22:27PM -0300, Christian Varas wrote:
> Hello, I'm having a small issue with modsecurity and nginx
>
> I'm getting the following blocking with the rule "GET or HEAD Request
> with Body Content."
>
> The thing is that this rule is catching a wrong method.
>
> I'm sending this POST with a normal body content
I think this isn't a "normal" request :)
> *POST* /informacion-general-de-bomberos HTTP/1.1
> Host: www.bomberos.cl
> Content-Length: 33480
^^^^^^^^^^^^^^^^^^^^^^^
> Cache-Control: max-age=0
...
> Connection: close
the body starts here:
>
> ------WebKitFormBoundary85SDZfedhQBpvDB6
> Content-Disposition: form-data; name="q"
>
> #
> ------WebKitFormBoundary85SDZfedhQBpvDB6
> Content-Disposition: form-data; name="option"
>
> com_contenido
> ------WebKitFormBoundary85SDZfedhQBpvDB6
> Content-Disposition: form-data; name="Itemid"
>
> 647
> ------WebKitFormBoundary85SDZfedhQBpvDB6
> Content-Disposition: form-data; name="task"
>
> buscarContenido
> ------WebKitFormBoundary85SDZfedhQBpvDB6--
the length of the body is 424 chars (plus the CR characters at the
end of the lines, they are 17 - so 424+17 = 441).
> "headers":{"Accept":"text/html...", ... ,"Content-Length":"441"
> "components":["OWASP_CRS/3.1.0\""**]*},"messages":[{"message":"GET or HEAD Request with Body Content.","details":{"match":"Matched \"Operator `Rx' with parameter `^0?$' against variable `REQUEST_HEADERS:Content-Length' (Value: `441')",
I think Nginx waits for a 33480-length body, but only got 441 - I
assume that this is a unique Nginx behavior...
I've tried your request, only replaced the Content-Length with 424,
and everything worked well.
Hope this helps.
a.
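
The length arithmetic from this thread, as an added example that is not part of the original email: it rebuilds the quoted multipart body with LF and CRLF line endings and compares the declared Content-Length with the bytes that actually follow the headers. The helper names (`build_body`, `build_request`, `audit_request`) are hypothetical, and the request is constructed from only the headers visible in the quote.

```python
BOUNDARY = "----WebKitFormBoundary85SDZfedhQBpvDB6"  # boundary from the quoted request
FIELDS = [("q", "#"), ("option", "com_contenido"),
          ("Itemid", "647"), ("task", "buscarContenido")]  # form fields from the quoted body


def build_body(eol: str) -> bytes:
    """Rebuild the quoted multipart body with the given line ending."""
    lines = []
    for name, value in FIELDS:
        lines += ["--" + BOUNDARY,
                  f'Content-Disposition: form-data; name="{name}"', "", value]
    lines.append("--" + BOUNDARY + "--")
    return "".join(line + eol for line in lines).encode("ascii")


def build_request(declared_length: int, body: bytes) -> bytes:
    """Constructed request: only the headers visible in the thread are included."""
    head = ("POST /informacion-general-de-bomberos HTTP/1.1\r\n"
            "Host: www.bomberos.cl\r\n"
            f"Content-Length: {declared_length}\r\n"
            "Cache-Control: max-age=0\r\n"
            "Connection: close\r\n\r\n")
    return head.encode("ascii") + body


def audit_request(raw: bytes) -> dict:
    """Compare the declared Content-Length with the bytes that follow the headers."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("no blank line terminating the header block")
    request_line, *header_lines = head.decode("latin-1").split("\r\n")
    declared = {v.strip() for k, _, v in (h.partition(":") for h in header_lines)
                if k.strip().lower() == "content-length"}
    result = {"method": request_line.split(" ", 1)[0], "actual": len(body),
              "declared": None, "missing": None}
    value = next(iter(declared)) if len(declared) == 1 else ""
    if not (value.isascii() and value.isdigit()):
        result["verdict"] = "absent, conflicting or malformed Content-Length"
        return result
    result["declared"] = int(value)
    result["missing"] = result["declared"] - result["actual"]
    result["verdict"] = ("consistent" if result["missing"] == 0 else
                         "body shorter than declared" if result["missing"] > 0 else
                         "body longer than declared")
    return result


if __name__ == "__main__":
    for length in (33480, 441):
        print(length, audit_request(build_request(length, build_body("\r\n"))))
```
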