Closed mhastu closed 3 months ago
"Fixed" it temporarily on my local machine by adding the following rule. Pretty sure it is too relaxed, but I don't have much time right now.
```apache
SecRule REQUEST_FILENAME "@beginsWith /ocs/v2.php/apps/files_sharing/api/v1/shares" \
    "id:2,\
    phase:1,\
    pass,\
    t:none,\
    nolog,\
    ctl:ruleRemoveById=930120"
```
Confirming that #77 fixes this issue. Thanks for the fast fix!
When creating a sharing link in a folder in the Android client named e.g. "tmp", a false positive is created.
ModSecurity: Warning. Matched phrase "/tmp/" at ARGS:path. [file "/etc/modsecurity/crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "116"] [id "930120"] [msg "OS File Access Attempt"] [data "Matched Data: /tmp/ found within ARGS:path: /tmp/"] [severity "CRITICAL"] [ver "OWASP_CRS/4.3.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [uri "/ocs/v2.php/apps/files_sharing/api/v1/shares"]
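A narrower variant of the local workaround quoted above, as an added example that is not from the thread or from the CRS project: instead of switching rule 930120 off for the whole endpoint, it removes only `ARGS:path` (the variable named in the log line) from that rule's targets, so the rule's other targets are still inspected. The rule id `1000` and the exact-match operator are assumptions chosen for illustration.

```apache
# Added example (not the project's fix): target-scoped exclusion for the
# false positive shown in the log line above.
#
# Assumptions:
#   - id 1000 is unused in the local rule set (placeholder id).
#   - This rule is loaded before the CRS rule files, e.g. from
#     REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf, so the ctl action is
#     in effect when rule 930120 is evaluated.
#   - @streq limits the exclusion to the exact URI from the log line;
#     the original workaround used @beginsWith, which also covers sub-paths.
SecRule REQUEST_FILENAME "@streq /ocs/v2.php/apps/files_sharing/api/v1/shares" \
    "id:1000,\
    phase:1,\
    pass,\
    t:none,\
    nolog,\
    ctl:ruleRemoveTargetById=930120;ARGS:path"
```

With this in place, a request whose `path` argument is `/tmp/` no longer triggers 930120 on that endpoint, while the same rule still applies to every other argument and every other URI.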