Closed mhastu closed 3 months ago
"Fixed" it temporarily on my local machine by adding the following rule. Pretty sure it is too relaxed, but I don't have much time right now.
# Temporary workaround: for any request whose path starts with the public
# share WebDAV prefix, drop rule 920420 (the request content-type check).
SecRule REQUEST_FILENAME "@beginsWith /public.php/dav/files" \
"id:1,\
phase:1,\
pass,\
t:none,\
nolog,\
ctl:ruleRemoveById=920420"
@mhastu Thanks for the report, I found a few more false positives while working on this so both of your issues should be fixed here: #77
Let me know if that fixes your issue.
This particular false positive you reported is a bit tricky to handle; unfortunately, there aren't many good options outside of disabling the rule entirely. That's mainly because we can't know the file type that's going to be uploaded in advance, so all content types need to be allowed.
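A narrower form of the temporary workaround, added here as an example and not code from the thread or from the plugin: since uploads over WebDAV arrive as PUT requests, the exclusion can be limited to that method under the public share path instead of dropping the content-type check for every request that touches it. It assumes rule id 10001 is unused in your local rule range and that the file is loaded before the CRS rules, which ctl:ruleRemoveById requires.

```apache
# Added example, not from the thread or the plugin.
# Assumptions: id 10001 is free in the local range (1-99,999), and this
# file is loaded before the CRS rules (e.g. a *-BEFORE-CRS file), which
# is required for ctl:ruleRemoveById to take effect.

# Too relaxed: any method, any client, loses the content-type check.
# SecRule REQUEST_FILENAME "@beginsWith /public.php/dav/files" \
#     "id:1,phase:1,pass,t:none,nolog,ctl:ruleRemoveById=920420"

# Narrower: only PUT (the WebDAV upload method) under the public share
# path drops 920420; GET/PROPFIND/POST to the same path keep the check.
# The ctl action sits on the last rule of the chain so it only fires
# when both conditions match.
SecRule REQUEST_METHOD "@streq PUT" \
    "id:10001,\
    phase:1,\
    pass,\
    t:none,\
    nolog,\
    chain"
    SecRule REQUEST_FILENAME "@beginsWith /public.php/dav/files/" \
        "t:none,\
        ctl:ruleRemoveById=920420"
```

Other rules still inspect the upload, so only the policy check on the declared Content-Type is relaxed, and only for the upload itself.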
Confirming that #77 fixes this issue. Thanks for the fast fix!
Since Nextcloud 9.0.2.2, the following error appears in the log when trying to upload an image into a shared folder:
ModSecurity: Warning. Match of "within %{tx.allowed_request_content_type}" against "TX:content_type" required. [file "/etc/modsecurity/crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1012"] [id "920420"] [msg "Request content type is not allowed by policy"] [data "|image/jpeg|"] [severity "CRITICAL"] [ver "OWASP_CRS/4.3.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153"] [tag "PCI/12.1"] [uri "/public.php/dav/files/Dnrmk2Bo9ymdeRJ/IMG_6671.jpeg"]