Closed mhastu closed 3 months ago
Thanks for sharing @mhastu. We'll see where we can integrate this.
@mhastu I've taken a look and I can confirm this is an issue on 27.1.0, and that rule should be perfectly safe. CRS blocks text/plain content mainly because ModSecurity can't parse it (since it doesn't know what the content is); you've enabled the appropriate parser (in this case the XML parser) for text/plain, so it should be perfectly fine. I opened a PR here: #68
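The exclusion the maintainer describes, written out as an added example (not the reporter's rule, which is not reproduced in this thread, and not CRS's own code). It assumes rule id 1000010 is free in your local range, that the snippet is loaded before the CRS rules (for example from REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf) so the phase-1 setvar runs before rule 920420, and that the XML body processor mentioned above is the parser you want for these requests.

```apache
# Added example, not the reporter's or CRS's own rule.
# Assumptions: id 1000010 is unused locally; this file is loaded before
# the CRS rules so the setvar takes effect before rule 920420 evaluates
# tx.allowed_request_content_type in phase 1.
#
# Keep the exception narrow: only the public WebDAV share path from the log
# entry gets text/plain appended, in the |type| form the rule compares
# against, and ModSecurity is told which body processor to use so the
# content is not left unparsed (the reason CRS blocks text/plain by default).
SecRule REQUEST_URI "@beginsWith /public.php/webdav/" \
    "id:1000010,\
    phase:1,\
    pass,\
    nolog,\
    t:none,\
    setvar:'tx.allowed_request_content_type=%{tx.allowed_request_content_type} |text/plain|',\
    ctl:requestBodyProcessor=XML"
```

All other content types stay blocked on that path, and requests outside /public.php/webdav/ are unaffected; the ctl action only matters when the request actually carries a body.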
When accessing a publicly shared folder via a link and trying to open an image inside, the following FP is produced:
ModSecurity: Warning. Match of "within %{tx.allowed_request_content_type}" against "TX:content_type" required. [file "/etc/modsecurity/crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1012"] [id "920420"] [msg "Request content type is not allowed by policy"] [data "|text/plain|"] [severity "CRITICAL"] [ver "OWASP_CRS/4.0.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153"] [tag "PCI/12.1"] [uri "/public.php/webdav/img.jpg"]
I was able to fix it with the following exclusion rule, without guarantee of safety: