coreruleset / modsecurity-crs-docker

Official ModSecurity Docker + Core Rule Set (CRS) images
https://coreruleset.org
Apache License 2.0

Request Header Or Cookie Too Large #217

Closed git-SwitchBlade closed 6 months ago

git-SwitchBlade commented 7 months ago

Hi Community,

I have set up a docker container with nginx and modsecurity, with an nginx default.conf, but when I try to reach http://localhost, I get 400 Request Code Request Header Or Cookie Too Large. Below is the screenshot attached and my default.conf

Screenshot from 2024-03-11 11-42-41

server {
        listen 80 default_server;
        listen [::]:80 default_server;
        modsecurity on;
        # SSL configuration
        #
        # listen 443 ssl default_server;
        # listen [::]:443 ssl default_server;
        #
        # Note: You should disable gzip for SSL traffic.
        # See: https://bugs.debian.org/773332
        #
        # Read up on ssl_ciphers to ensure a secure configuration.
        # See: https://bugs.debian.org/765782
        #
        # Self signed certs generated by the ssl-cert package
        # Don't use them in a production server!
        #
        # include snippets/snakeoil.conf;

        root /var/www/html;

        # Add index.php to the list if you are using PHP
        index index.html index.htm index.nginx-debian.html;

        server_name _;
        client_body_buffer_size     32k;
        client_header_buffer_size   8k;
        large_client_header_buffers 8 64k;

        location / {
                # First attempt to serve request as file, then
                # as directory, then fall back to displaying a 404.
                try_files $uri $uri/ =404;
                # proxy_pass http://localhost:8080;
                # proxy_http_version 1.1;
                # proxy_set_header Upgrade $http_upgrade;
                # proxy_set_header Connection 'upgrade';
                # proxy_set_header Host $host;
                # proxy_cache_bypass $http_upgrade;
        }

        # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
        #
        #location ~ \.php$ {
        #       include snippets/fastcgi-php.conf;
        #
        #       # With php7.0-cgi alone:
        #       fastcgi_pass 127.0.0.1:9000;
        #       # With php7.0-fpm:
        #       fastcgi_pass unix:/run/php/php7.0-fpm.sock;
        #}

        # deny access to .htaccess files, if Apache's document root
        # concurs with nginx's one
        #
        #location ~ /\.ht {
        #       deny all;
        #}
}

Below is the docker file used

version: "3"

services:
  nginx-modsec:
    build: owasp/modsecurity-crs:3.3.4-nginx-alpine-202301110601
    ports:
      - "80:80"
    environment:
      - MODSEC_AUDIT_ENGINE=on
      - MODSEC_AUDIT_LOG=/var/log/nginx/modsec_audit.log
      - MODSEC_RULE_ENGINE=DetectionOnly
      - MODSEC_AUDIT_LOG_PARTS=ABCEFHJKZ
    volumes:
      - ./default.conf:/etc/nginx/templates/conf.d/default.conf:ro
      - ./log:/var/log/nginx

Thanks in advance for the help

theseion commented 6 months ago

I'm pretty sure that your default.conf isn't considered a template, so you're actually running the container with the default configuration, not your default.conf. You probably wanted to override the default template file:


- ./default.conf:/etc/nginx/templates/conf.d/default.conf.template:ro

git-SwitchBlade commented 6 months ago

I checked inside the docker, /etc/nginx/templates/conf.d/default.conf.template was overwritten by ./default.conf, and any edits in default.conf are reflected inside the docker as well

theseion commented 6 months ago

I'll have some time to look into this tomorrow.

git-SwitchBlade commented 6 months ago

Sure, Thanks

theseion commented 6 months ago

I checked. As suspected, your default.conf did not override the default.conf.template and the actual configuration was the default one from the container. You need to change the mount instruction to

- ./default.conf:/etc/nginx/templates/conf.d/default.conf.template:ro

When I do that, I get a 404 with curl and no entries in the nginx error log.

git-SwitchBlade commented 6 months ago

Oh correct, thank you so much ;)
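
A pre-deployment check for the mount mistake resolved in this thread, as an added example that is not part of the issue or the project's own code: it scans a Compose file for bind mounts into /etc/nginx/templates/ whose target lacks the .template suffix, which is the case where the container runs its default configuration instead of the mounted one. It assumes short-syntax, single-file mounts; the function names and the sample input are constructed for illustration.

```python
import re
import sys

# Assumptions taken from the thread: the image reads templates from this
# directory and only treats files with this suffix as templates.
TEMPLATE_DIR = "/etc/nginx/templates/"
TEMPLATE_SUFFIX = ".template"

# A YAML list item holding one plain or quoted scalar, e.g. "- a:b:ro".
ITEM_RE = re.compile(r"""^\s*-\s*["']?([^\s"']+)["']?\s*(?:#.*)?$""")
# Trailing mount options in Compose short syntax (comma-separated).
MODE_RE = re.compile(r"^(ro|rw|z|Z|cached|delegated|consistent)(,\w+)*$")


def parse_mount(spec):
    """Split 'host:container[:mode]' into (host, container), else None."""
    parts = spec.split(":")
    if len(parts) >= 3 and MODE_RE.match(parts[-1]):
        parts = parts[:-1]
    return tuple(parts) if len(parts) == 2 else None


def find_ignored_templates(compose_text):
    """Return (line_no, host, target) for file mounts placed in TEMPLATE_DIR
    whose target name lacks TEMPLATE_SUFFIX, so the image would skip them."""
    findings = []
    for line_no, line in enumerate(compose_text.splitlines(), 1):
        item = ITEM_RE.match(line)
        mount = parse_mount(item.group(1)) if item else None
        if mount is None:
            continue  # not a list item, or not a host:container pair
        host, target = mount
        if target.startswith(TEMPLATE_DIR) and not target.endswith(TEMPLATE_SUFFIX):
            findings.append((line_no, host, target))
    return findings


# Constructed sample, reduced from the compose file posted in the issue.
SAMPLE = """\
services:
  nginx-modsec:
    ports:
      - "80:80"
    environment:
      - MODSEC_RULE_ENGINE=DetectionOnly
    volumes:
      - ./default.conf:/etc/nginx/templates/conf.d/default.conf:ro
      - ./log:/var/log/nginx
"""

if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    found = find_ignored_templates(text)
    for line_no, host, target in found:
        print(f"line {line_no}: {host} -> {target} is not a template; "
              f"mount it as {target}{TEMPLATE_SUFFIX}")
    sys.exit(1 if found else 0)
```

Run it with the path to a Compose file as the only argument; a non-zero exit status means at least one mount would be ignored.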