search

coreruleset / modsecurity-crs-docker

Official ModSecurity Docker + Core Rule Set (CRS) images
https://coreruleset.org
Apache License 2.0
269 stars 69 forks source link

Support for analyzing gzip-ed body requests #60

Closed pestebogdan closed 2 years ago

pestebogdan commented 2 years ago

Trying to send a gzip-ed body cannot be parsed:

curl ....
--header 'Content-Encoding: gzip' \
--header 'Content-Type: application/json' \
--data-binary '@body.json.gz'

Error:

file: "/etc/modsecurity.d/modsecurity.conf"
lineNumber: "65"
match: "Matched "Operator `Eq' with parameter `0' against variable `REQBODY_ERROR' (Value: `1' )"
maturity: "0"
reference: "v192,1"
rev: ""
ruleId: "200002"
severity: "2"

message: "Failed to parse request body."

The only solution I see is setting MODSEC_REQ_BODY_ACCESS=off but that opens up a lot of security holes.

Is there any support for handling such requests ?

fzipi commented 2 years ago

HI @pestebogdan ! Do you think this is a problem with this docker setup, or it is more a problem for ModSecurity and the nginx connector?

fzipi commented 2 years ago

@pestebogdan I think this is a native problem and doesn't depend on this docker setup. This should be solved ad the ModSecurity-nginx level I think. Can you cross post this problem there? I don't think here we can solve it.

Closing.

bogdan-ionut-peste-db commented 2 years ago

Ok, that's fair enough. Just thought there might be some input that alleviates this that i may have missed. Will follow through upstream with this issue. Thanks.