acouvreur / traefik-modsecurity-plugin

Traefik plugin to proxy requests to owasp/modsecurity-crs:apache container
https://plugins.traefik.io/plugins/628c9eadffc0cd18356a9799/modsecurity-plugin
Apache License 2.0
139 stars 25 forks

Big file in the request #23

Open Maxch3306 opened 2 months ago

Maxch3306 commented 2 months ago

When I upload a file bigger than 10MB it always has this error. Please help. When I turn off the WAF the file upload works fine. Log:

```
[Tue Sep 03 03:22:51.118117 2024] [proxy:error] [pid 24:tid 78] (70007)The timeout specified has expired: [client 172.22.0.8:43200] AH01084: pass request body failed to 172.22.0.2:80 (dummy), referer: https://domain.com/
[Tue Sep 03 03:22:51.118180 2024] [proxy_http:error] [pid 24:tid 78] [client 172.22.0.8:43200] AH01097: pass request body failed to 172.22.0.2:80 (dummy) from 172.22.0.8 (), referer: https://domain.com/
```

```yaml
traefik:
    image: 'traefik:v2.10'
    command:
        - '--log.level=DEBUG'
        - '--log.filePath=/log/log'
        - '--accessLog.filePath=/log/access'
        - '--api.dashboard=true'
        - '--providers.docker=true'
        - '--providers.docker.exposedbydefault=false'
        - '--entrypoints.web.address=:80'
        - '--entrypoints.web.http.redirections.entryPoint.to=websecure'
        - '--entrypoints.web.http.redirections.entryPoint.scheme=https'
        - '--entrypoints.websecure.address=:443'
        # WAF
        - --experimental.plugins.traefik-modsecurity-plugin.modulename=github.com/acouvreur/traefik-modsecurity-plugin
        - --experimental.plugins.traefik-modsecurity-plugin.version=v1.3.0
    ports:
        - '80:80'
        - '443:443'
    volumes:
        - '/var/run/docker.sock:/var/run/docker.sock:ro'
        - './letsencrypt:/letsencrypt'
        - './log:/log'
    labels:
        - traefik.enable=true
        - traefik.http.routers.traefik.rule=Host(`traefik.${DOMAIN}`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))
        - traefik.http.routers.traefik.service=api@internal
        - traefik.http.routers.traefik.entrypoints=websecure
        - traefik.http.routers.traefik.tls.certresolver=le
        # WAF
        - traefik.http.middlewares.waf.plugin.traefik-modsecurity-plugin.modSecurityUrl=http://waf:8080
        - traefik.http.middlewares.waf.plugin.traefik-modsecurity-plugin.maxBodySize=2147483648
        - traefik.http.middlewares.waf.plugin.traefik-modsecurity-plugin.timeoutMillis=600000
waf:
    image: owasp/modsecurity-crs:apache
    environment:
        - PARANOIA=2
        - ANOMALY_INBOUND=10
        - ANOMALY_OUTBOUND=5
        - BACKEND=http://dummy
        - MODSEC_REQ_BODY_LIMIT=2097152000
# Dummy service that always returns status HTTP 200 to WAF container
dummy:
    image: traefik/whoami
```

eriCCsan commented 1 month ago

Same here.