flarum / framework

Simple forum software for building great communities.
http://flarum.org/

Nginx + Mod_Security gives 403 when trying to post #2994

Closed MeowMeowVenom closed 3 years ago

MeowMeowVenom commented 3 years ago

Bug Report

Current Behavior

When mod_security is enabled in nginx, trying to post gives an error. In the console, domain.com/api/discussions returns 403.

Steps to Reproduce

  1. Enable mod_security
  2. Try to post something in forum (with markdown)
  3. You get an error saying 'Requested resource can't be found'
  4. In console you get 403

Expected Behavior

It should post.

Environment

Flarum core 1.0.4
PHP version: 7.4.21
Loaded extensions: Core, date, libxml, openssl, pcre, zlib, filter, hash, pcntl, Reflection, SPL, session, standard, sodium, mysqlnd, PDO, xml, calendar, ctype, curl, dom, mbstring, FFI, fileinfo, ftp, gd, gettext, iconv, imap, json, exif, mysqli, pdo_mysql, Phar, posix, readline, shmop, SimpleXML, soap, sockets, sysvmsg, sysvsem, sysvshm, tokenizer, xmlreader, xmlrpc, xmlwriter, xsl, zip, Zend OPcache
+------------------------------------------+---------+--------+
| Flarum Extensions                        |         |        |
+------------------------------------------+---------+--------+
| ID                                       | Version | Commit |
+------------------------------------------+---------+--------+
| flarum-flags                             | v1.0.0  |        |
| sycho-advanced-extension-categories      | v0.1.3  |        |
| flarum-approval                          | v1.0.0  |        |
| flarum-tags                              | v1.0.3  |        |
| flarum-markdown                          | v1.0.1  |        |
| fof-spamblock                            | 1.0.0   |        |
| flarum-suspend                           | v1.0.0  |        |
| askvortsov-auto-moderator                | v0.1.1  |        |
| flarum-sticky                            | v1.0.0  |        |
| michaelbelgium-discussion-views          | v7.0.0  |        |
| noriods-auto-more                        | v1.0.0  |        |
| fof-html-errors                          | 1.0.0   |        |
| afrux-asirem                             | v0.1.2  |        |
| dem13n-discussion-cards                  | 0.3.8   |        |
| fof-oauth                                | 1.0.1   |        |
| nearata-copy-code-to-clipboard           | v2.0.0  |        |
| the-turk-miserable-users                 | 1.0.2   |        |
| flarum-nicknames                         | v1.0.0  |        |
| katosdev-signature                       | 1.0.0   |        |
| ramesh-dada-bbcode-alerts                | 6.21    |        |
| flarum-lock                              | v1.0.0  |        |
| clarkwinkelmann-group-invitation         | 1.0.0   |        |
| askvortsov-markdown-tables               | v1.2.1  |        |
| fof-sitemap                              | 1.0.0   |        |
| migratetoflarum-canonical                | 1.0.0   |        |
| the-turk-nodp                            | 1.0.1   |        |
| fof-merge-discussions                    | 1.0.0   |        |
| the-turk-quiet-edits                     | 0.1.3   |        |
| matteocontrini-imgur-upload              | v3.9.1  |        |
| fof-cookie-consent                       | 1.0.0   |        |
| fof-profile-image-crop                   | 1.0.0   |        |
| fof-stopforumspam                        | 1.0.0   |        |
| fof-user-bio                             | 1.0.0   |        |
| justoverclock-hashtag                    | 0.1.9   |        |
| askvortsov-categories                    | v3.0.0  |        |
| glowingblue-password-strength            | 3.0.0   |        |
| jslirola-login2seeplus                   | v0.2    |        |
| nearata-twofactor                        | v2.0.0  |        |
| flarum-emoji                             | v1.0.0  |        |
| flarum-lang-english                      | v1.0.0  |        |
| flarum-bbcode                            | v1.0.0  |        |
| dem13n-topic-starter-label               | 0.1.6   |        |
| justoverclock-purify                     | 0.1.5   |        |
| sycho-profile-cover                      | v1.3.0  |        |
| ianm-level-ranks                         | 1.0.0   |        |
| clarkwinkelmann-group-list               | 1.0.0   |        |
| fof-pwned-passwords                      | 1.0.0   |        |
| fof-polls                                | 1.0.3   |        |
| fof-drafts                               | 1.0.1   |        |
| fof-best-answer                          | 1.0.1   |        |
| nyu8-email-filter                        | 1.0.5   |        |
| the-turk-diff                            | 1.1.1   |        |
| ianm-no-meta-title                       | 1.0.1   |        |
| v17development-seo                       | v1.8.0  |        |
| fof-moderator-notes                      | 1.0.0   |        |
| flarum-likes                             | v1.0.0  |        |
| flarum-subscriptions                     | v1.0.0  |        |
| flarumite-simple-spoilers                | 1.0.0   |        |
| clarkwinkelmann-shadow-ban               | 1.0.1   |        |
| fof-clockwork                            | 1.0.0   |        |
| fof-doorman                              | 1.0.0   |        |
| v17development-user-badges               | v0.2.1  |        |
| extiverse-mercury                        | 0.1.3   |        |
| the-turk-stickiest                       | 2.0.3   |        |
| glowingblue-redis-setup                  | 1.0.3   |        |
| flarum-mentions                          | v1.0.0  |        |
| fof-ban-ips                              | 1.0.0   |        |
| opendir-font-awesome-6                   | 0.5     |        |
| justoverclock-username-blacklist         | 0.1.0   |        |
| acpl-mobile-tab                          | 1.0.3   |        |
| flarum-statistics                        | v1.0.0  |        |
| clarkwinkelmann-popular-discussion-badge | 1.0.0   |        |
| ralkage-hcaptcha                         | 1.0.0   |        |
+------------------------------------------+---------+--------+

Possible Solution

One way is to disable mod_security for the /api URI. I tried that, but it still failed. I doubt I did this correctly; I don't see this documented anywhere. ModSecurity has custom exclusions for WordPress. It would be great if we could have one for Flarum.

matteocontrini commented 3 years ago

Could you check ModSecurity audit logs to understand the reason why requests are blocked?

MeowMeowVenom commented 3 years ago

Well, now comes another issue! They are blank for some reason, even after I set them to debug mode.

Gotta fix it :(

Edit: Raising an issue there too regarding this https://github.com/SpiderLabs/ModSecurity-nginx/issues/248

MeowMeowVenom commented 3 years ago

Nginx gave some logs that might help out

2021/07/31 15:39:25 [notice] 21700#21700: ModSecurity-nginx v1.0.2 (rules loaded inline/local/remote: 0/911/0)
2021/07/31 15:39:25 [notice] 21700#21700: signal process started
2021/07/31 15:39:47 [notice] 21718#21718: ModSecurity-nginx v1.0.2 (rules loaded inline/local/remote: 0/911/0)
2021/07/31 15:39:47 [notice] 21718#21718: signal process started
2021/07/31 15:40:08 [error] 21719#21719: *6114 open() "/var/www/mydomain.com/public/t/fonts/fa-solid-900.woff2" failed (2: No such file or directory), client: [IP REMOVED], server: mydomain.com, request: "GET /t/fonts/fa-solid-900.woff2 HTTP/1.1", host: "mydomain.com", referrer: "https://mydomain.com/t/i-t-software"
2021/07/31 15:40:09 [error] 21719#21719: *6115 open() "/var/www/mydomain.com/public/t/fonts/fa-solid-900.woff" failed (2: No such file or directory), client: [IP REMOVED], server: mydomain.com, request: "GET /t/fonts/fa-solid-900.woff HTTP/2.0", host: "mydomain.com", referrer: "https://mydomain.com/t/i-t-software"
2021/07/31 15:40:10 [error] 21719#21719: *6118 open() "/var/www/mydomain.com/public/t/fonts/fa-solid-900.ttf" failed (2: No such file or directory), client: [IP REMOVED], server: mydomain.com, request: "GET /t/fonts/fa-solid-900.ttf HTTP/1.1", host: "mydomain.com", referrer: "https://mydomain.com/t/i-t-software"
2021/07/31 15:40:10 [error] 21719#21719: *6120 open() "/var/www/mydomain.com/public/d/fonts/fa-solid-900.woff2" failed (2: No such file or directory), client: [IP REMOVED], server: mydomain.com, request: "GET /d/fonts/fa-solid-900.woff2 HTTP/1.1", host: "mydomain.com" 
2021/07/31 15:40:11 [error] 21719#21719: *6121 open() "/var/www/mydomain.com/public/d/fonts/fa-solid-900.woff" failed (2: No such file or directory), client: [IP REMOVED], server: mydomain.com, request: "GET /d/fonts/fa-solid-900.woff HTTP/1.1", host: "mydomain.com"
2021/07/31 15:40:12 [error] 21719#21719: *6122 open() "/var/www/mydomain.com/public/d/fonts/fa-solid-900.ttf" failed (2: No such file or directory), client: [IP REMOVED], server: mydomain.com, request: "GET /d/fonts/fa-solid-900.ttf HTTP/1.1", host: "mydomain.com"
2021/07/31 15:40:13 [error] 21719#21719: *6123 open() "/var/www/mydomain.com/public/t/fonts/fa-solid-900.ttf" failed (2: No such file or directory), client: [IP REMOVED], server: mydomain.com, request: "GET /t/fonts/fa-solid-900.ttf HTTP/1.1", host: "mydomain.com", referrer: "arc.io"
2021/07/31 15:40:14 [error] 21719#21719: *6125 open() "/var/www/mydomain.com/public/fonts/fa-regular-400.woff2" failed (2: No such file or directory), client: [IP REMOVED], server: mydomain.com, request: "GET /fonts/fa-regular-400.woff2 HTTP/2.0", host: "mydomain.com", referrer: "https://mydomain.com/"
2021/07/31 15:40:15 [error] 21719#21719: *6127 open() "/var/www/mydomain.com/public/fonts/fa-regular-400.woff" failed (2: No such file or directory), client: [IP REMOVED], server: mydomain.com, request: "GET /fonts/fa-regular-400.woff HTTP/2.0", host: "mydomain.com", referrer: "https://mydomain.com/"
2021/07/31 15:40:15 [error] 21719#21719: *6128 open() "/var/www/mydomain.com/public/d/fonts/fa-solid-900.ttf" failed (2: No such file or directory), client: [IP REMOVED], server: mydomain.com, request: "GET /d/fonts/fa-solid-900.ttf HTTP/2.0", host: "mydomain.com", referrer: "arc.io"
2021/07/31 15:40:16 [error] 21719#21719: *6129 open() "/var/www/mydomain.com/public/fonts/fa-regular-400.ttf" failed (2: No such file or directory), client: [IP REMOVED], server: mydomain.com, request: "GET /fonts/fa-regular-400.ttf HTTP/1.1", host: "mydomain.com", referrer: "https://mydomain.com/"
2021/07/31 15:40:19 [error] 21719#21719: *6130 open() "/var/www/mydomain.com/public/fonts/fa-regular-400.ttf" failed (2: No such file or directory), client: [IP REMOVED], server: mydomain.com, request: "GET /fonts/fa-regular-400.ttf HTTP/1.1", host: "mydomain.com", referrer: "arc.io"
2021/07/31 15:40:21 [error] 21719#21719: *6104 open() "/var/www/mydomain.com/public/api/discussions" failed (2: No such file or directory), client: [IP REMOVED], server: mydomain.com, request: "POST /api/discussions HTTP/2.0", host: "mydomain.com", referrer: "https://mydomain.com/"
2021/07/31 15:40:35 [error] 21719#21719: *6136 open() "/var/www/mydomain.com/public/d/fonts/fa-regular-400.woff2" failed (2: No such file or directory), client: [IP REMOVED], server: mydomain.com, request: "GET /d/fonts/fa-regular-400.woff2 HTTP/2.0", host: "mydomain.com"
2021/07/31 15:40:40 [error] 21719#21719: *6137 open() "/var/www/mydomain.com/public/d/fonts/fa-regular-400.woff" failed (2: No such file or directory), client: [IP REMOVED], server: mydomain.com, request: "GET /d/fonts/fa-regular-400.woff HTTP/1.1", host: "mydomain.com"
2021/07/31 15:40:41 [error] 21719#21719: *6138 open() "/var/www/mydomain.com/public/d/fonts/fa-regular-400.ttf" failed (2: No such file or directory), client: [IP REMOVED], server: mydomain.com, request: "GET /d/fonts/fa-regular-400.ttf HTTP/2.0", host: "mydomain.com"
2021/07/31 15:40:44 [error] 21719#21719: *6141 open() "/var/www/mydomain.com/public/d/fonts/fa-regular-400.ttf" failed (2: No such file or directory), client: [IP REMOVED], server: mydomain.com, request: "GET /d/fonts/fa-regular-400.ttf HTTP/1.1", host: "mydomain.com", referrer: "arc.io"
2021/07/31 15:40:54 [notice] 21730#21730: ModSecurity-nginx v1.0.2 (rules loaded inline/local/remote: 0/911/0)
2021/07/31 15:40:54 [notice] 21730#21730: signal process started
2021/07/31 15:42:31 [error] 21731#21731: *6167 open() "/var/www/mydomain.com/public/api/discussions" failed (2: No such file or directory), client: [IP REMOVED], server: mydomain.com, request: "GET /api/discussions?include=user%2ClastPostedUser%2Ctags%2Ctags.parent%2CfirstPost%2CfirstPost%2Cposts%2Cposts.user&sort&page%5Boffset%5D=20 HTTP/1.1", host: "mydomain.com", referrer: "https://mydomain.com/"
2021/07/31 15:42:39 [error] 21731#21731: *6147 open() "/var/www/mydomain.com/public/api/discussions" failed (2: No such file or directory), client: [IP REMOVED], server: mydomain.com, request: "GET /api/discussions?include=user%2ClastPostedUser%2Ctags%2Ctags.parent%2CfirstPost%2CfirstPost%2Cposts%2Cposts.user&sort&page%5Boffset%5D=20 HTTP/2.0", host: "mydomain.com", referrer: "https://mydomain.com/"
2021/07/31 15:43:06 [error] 21731#21731: *6173 open() "/var/www/mydomain.com/public/t/fonts/fa-regular-400.woff2" failed (2: No such file or directory), client: [IP REMOVED], server: mydomain.com, request: "GET /t/fonts/fa-regular-400.woff2 HTTP/1.1", host: "mydomain.com", referrer: "https://mydomain.com/t/i-t-software"
2021/07/31 15:43:06 [error] 21731#21731: *6174 open() "/var/www/mydomain.com/public/t/fonts/fa-regular-400.woff" failed (2: No such file or directory), client: [IP REMOVED], server: mydomain.com, request: "GET /t/fonts/fa-regular-400.woff HTTP/2.0", host: "mydomain.com", referrer: "https://mydomain.com/t/i-t-software"
2021/07/31 15:43:07 [error] 21731#21731: *6175 open() "/var/www/mydomain.com/public/t/fonts/fa-regular-400.ttf" failed (2: No such file or directory), client: [IP REMOVED], server: mydomain.com, request: "GET /t/fonts/fa-regular-400.ttf HTTP/1.1", host: "mydomain.com", referrer: "https://mydomain.com/t/i-t-software"
2021/07/31 15:43:10 [error] 21731#21731: *6176 open() "/var/www/mydomain.com/public/t/fonts/fa-regular-400.ttf" failed (2: No such file or directory), client: [IP REMOVED], server: mydomain.com, request: "GET /t/fonts/fa-regular-400.ttf HTTP/1.1", host: "mydomain.com", referrer: "arc.io"
2021/07/31 15:43:23 [error] 21731#21731: *6181 open() "/var/www/mydomain.com/public/api/discussions" failed (2: No such file or directory), client: [IP REMOVED], server: mydomain.com, request: "GET /api/discussions?include=user%2ClastPostedUser%2Ctags%2Ctags.parent%2CfirstPost%2CfirstPost%2Cposts%2Cposts.user&sort&page%5Boffset%5D=20 HTTP/1.1", host: "mydomain.com", referrer: "https://mydomain.com/"
2021/07/31 15:43:35 [error] 21731#21731: *6186 open() "/var/www/mydomain.com/public/api/discussions" failed (2: No such file or directory), client: [IP REMOVED], server: mydomain.com, request: "GET /api/discussions?include=user%2ClastPostedUser%2Ctags%2Ctags.parent%2CfirstPost%2CfirstPost%2Cposts%2Cposts.user&sort&page%5Boffset%5D=20 HTTP/1.1", host: "mydomain.com", referrer: "https://mydomain.com/"
2021/07/31 15:43:49 [error] 21731#21731: *6191 open() "/var/www/mydomain.com/public/api/discussions" failed (2: No such file or directory), client: [IP REMOVED], server: mydomain.com, request: "GET /api/discussions?include=user%2ClastPostedUser%2Ctags%2Ctags.parent%2CfirstPost%2CfirstPost%2Cposts%2Cposts.user&sort&page%5Boffset%5D=0 HTTP/1.1", host: "mydomain.com", referrer: "https://mydomain.com/"
2021/07/31 15:43:50 [error] 21731#21731: *6192 open() "/var/www/mydomain.com/public/api/discussions" failed (2: No such file or directory), client: [IP REMOVED], server: mydomain.com, request: "GET /api/discussions?include=user%2ClastPostedUser%2Ctags%2Ctags.parent%2CfirstPost%2CfirstPost%2Cposts%2Cposts.user&filter%5Btag%5D=i-t-software&sort&page%5Boffset%5D=0 HTTP/1.1", host: "mydomain.com", referrer: "https://mydomain.com/t/i-t-software"
2021/07/31 15:43:57 [error] 21731#21731: *6198 open() "/var/www/mydomain.com/public/api/discussions" failed (2: No such file or directory), client: [IP REMOVED], server: mydomain.com, request: "GET /api/discussions?filter%5Bq%5D=gee&page%5Blimit%5D=3&include=mostRelevantPost HTTP/2.0", host: "mydomain.com", referrer: "https://mydomain.com/categories"
2021/07/31 15:43:57 [error] 21731#21731: *6184 open() "/var/www/mydomain.com/public/api/discussions" failed (2: No such file or directory), client: [IP REMOVED], server: mydomain.com, request: "GET /api/discussions?filter%5Bq%5D=geek&page%5Blimit%5D=3&include=mostRelevantPost HTTP/2.0", host: "mydomain.com", referrer: "https://mydomain.com/categories"
2021/07/31 15:44:00 [error] 21731#21731: *6203 open() "/var/www/mydomain.com/public/api/discussions" failed (2: No such file or directory), client: [IP REMOVED], server: mydomain.com, request: "GET /api/discussions?filter%5Bq%5D=geekfor&page%5Blimit%5D=3&include=mostRelevantPost HTTP/1.1", host: "mydomain.com", referrer: "https://mydomain.com/categories"
2021/07/31 15:44:01 [error] 21731#21731: *6147 open() "/var/www/mydomain.com/public/api/discussions" failed (2: No such file or directory), client: [IP REMOVED], server: mydomain.com, request: "GET /api/discussions?include=user%2ClastPostedUser%2Ctags%2Ctags.parent%2CfirstPost%2CfirstPost%2Cposts%2Cposts.user&filter%5Btag%5D=forum-guide-rules&sort&page%5Boffset%5D=0 HTTP/2.0", host: "mydomain.com", referrer: "https://mydomain.com/t/forum-guide-rules"
2021/07/31 15:44:02 [error] 21731#21731: *6184 open() "/var/www/mydomain.com/public/api/discussions" failed (2: No such file or directory), client: [IP REMOVED], server: mydomain.com, request: "GET /api/discussions?include=user%2ClastPostedUser%2CmostRelevantPost%2CmostRelevantPost.user%2Ctags%2Ctags.parent%2CfirstPost%2CfirstPost%2Cposts%2Cposts.user&filter%5Bq%5D=geekforgeeks&sort&page%5Boffset%5D=0 HTTP/2.0", host: "mydomain.com"
2021/07/31 15:44:02 [error] 21731#21731: *6205 open() "/var/www/mydomain.com/public/api/discussions" failed (2: No such file or directory), client: [IP REMOVED], server: mydomain.com, request: "GET /api/discussions?filter%5Bq%5D=geekforgeeks&page%5Blimit%5D=3&include=mostRelevantPost HTTP/1.1", host: "mydomain.com", referrer: "https://mydomain.com/categories"
2021/07/31 15:44:06 [error] 21731#21731: *6207 open() "/var/www/mydomain.com/public/api/discussions" failed (2: No such file or directory), client: [IP REMOVED], server: mydomain.com, request: "GET /api/discussions?include=user%2ClastPostedUser%2Ctags%2Ctags.parent%2CfirstPost%2CfirstPost%2Cposts%2Cposts.user&sort&page%5Boffset%5D=0 HTTP/1.1", host: "mydomain.com", referrer: "https://mydomain.com/"
2021/07/31 15:44:11 [notice] 21811#21811: ModSecurity-nginx v1.0.2 (rules loaded inline/local/remote: 0/911/0)
2021/07/31 15:44:11 [notice] 21811#21811: signal process started
2021/07/31 15:47:12 [notice] 21820#21820: ModSecurity-nginx v1.0.2 (rules loaded inline/local/remote: 0/911/0)
2021/07/31 15:47:12 [notice] 21820#21820: signal process started
2021/07/31 15:47:23 [error] 21821#21821: *6223 [client [IP REMOVED]] ModSecurity: Access denied with code 403 (phase 2). Matched "Operator `Ge' with parameter `5' against variable `TX:ANOMALY_SCORE' (Value: `5' ) [file "/etc/nginx/modsec/coreruleset-3.3.0/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "80"] [id "949110"] [rev ""] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [data ""] [severity "2"] [ver "OWASP_CRS/3.3.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "[IP REMOVED]"] [uri "/api/discussions"] [unique_id "1627739243"] [ref ""], client: [IP REMOVED], server: mydomain.com, request: "POST /api/discussions HTTP/2.0", host: "mydomain.com", referrer: "https://mydomain.com/"
2021/07/31 15:47:46 [notice] 21827#21827: ModSecurity-nginx v1.0.2 (rules loaded inline/local/remote: 0/911/0)
2021/07/31 15:47:46 [notice] 21827#21827: signal process started
2021/07/31 15:51:16 [notice] 21846#21846: ModSecurity-nginx v1.0.2 (rules loaded inline/local/remote: 0/911/0)
2021/07/31 15:51:16 [notice] 21846#21846: signal process started
2021/07/31 15:55:08 [notice] 21882#21882: ModSecurity-nginx v1.0.2 (rules loaded inline/local/remote: 0/911/0)
2021/07/31 15:55:08 [notice] 21882#21882: signal process started
2021/07/31 15:56:12 [notice] 21901#21901: ModSecurity-nginx v1.0.2 (rules loaded inline/local/remote: 0/911/0)
2021/07/31 15:56:12 [notice] 21901#21901: signal process started
2021/07/31 15:56:56 [notice] 21916#21916: ModSecurity-nginx v1.0.2 (rules loaded inline/local/remote: 0/911/0)
2021/07/31 15:56:56 [notice] 21916#21916: signal process started
2021/07/31 15:57:13 [error] 21917#21917: *6354 [client [IP REMOVED]] ModSecurity: Access denied with code 403 (phase 2). Matched "Operator `Ge' with parameter `5' against variable `TX:ANOMALY_SCORE' (Value: `5' ) [file "/etc/nginx/modsec/coreruleset-3.3.0/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "80"] [id "949110"] [rev ""] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [data ""] [severity "2"] [ver "OWASP_CRS/3.3.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "[IP REMOVED]"] [uri "/api/discussions"] [unique_id "1627739833"] [ref ""], client: [IP REMOVED], server: mydomain.com, request: "POST /api/discussions HTTP/1.1", host: "mydomain.com", referrer: "https://mydomain.com/"
2021/07/31 15:57:34 [notice] 21931#21931: ModSecurity-nginx v1.0.2 (rules loaded inline/local/remote: 0/911/0)
2021/07/31 15:57:34 [notice] 21931#21931: signal process started
2021/07/31 16:04:18 [notice] 22041#22041: ModSecurity-nginx v1.0.2 (rules loaded inline/local/remote: 0/911/0)
2021/07/31 16:04:21 [notice] 22043#22043: ModSecurity-nginx v1.0.2 (rules loaded inline/local/remote: 0/911/0)
2021/07/31 16:04:21 [notice] 22043#22043: signal process started
2021/07/31 16:04:43 [error] 22044#22044: *6499 [client [IP REMOVED]] ModSecurity: Access denied with code 403 (phase 2). Matched "Operator `Ge' with parameter `5' against variable `TX:ANOMALY_SCORE' (Value: `5' ) [file "/etc/nginx/modsec/coreruleset-3.3.0/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "80"] [id "949110"] [rev ""] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [data ""] [severity "2"] [ver "OWASP_CRS/3.3.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "[IP REMOVED]"] [uri "/api/discussions"] [unique_id "1627740283"] [ref ""], client: [IP REMOVED], server: mydomain.com, request: "POST /api/discussions HTTP/2.0", host: "mydomain.com", referrer: "https://mydomain.com/"
2021/07/31 16:04:54 [error] 22044#22044: *6503 [client [IP REMOVED]] ModSecurity: Access denied with code 403 (phase 2). Matched "Operator `Ge' with parameter `5' against variable `TX:ANOMALY_SCORE' (Value: `5' ) [file "/etc/nginx/modsec/coreruleset-3.3.0/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "80"] [id "949110"] [rev ""] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [data ""] [severity "2"] [ver "OWASP_CRS/3.3.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "[IP REMOVED]"] [uri "/api/discussions"] [unique_id "1627740294"] [ref ""], client: [IP REMOVED], server: mydomain.com, request: "POST /api/discussions HTTP/1.1", host: "mydomain.com", referrer: "https://mydomain.com/"
2021/07/31 16:04:58 [error] 22044#22044: *6504 [client [IP REMOVED]] ModSecurity: Access denied with code 403 (phase 2). Matched "Operator `Ge' with parameter `5' against variable `TX:ANOMALY_SCORE' (Value: `5' ) [file "/etc/nginx/modsec/coreruleset-3.3.0/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "80"] [id "949110"] [rev ""] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [data ""] [severity "2"] [ver "OWASP_CRS/3.3.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "[IP REMOVED]"] [uri "/api/discussions"] [unique_id "1627740298"] [ref ""], client: [IP REMOVED], server: mydomain.com, request: "POST /api/discussions HTTP/1.1", host: "mydomain.com", referrer: "https://mydomain.com/"
2021/07/31 16:05:01 [error] 22044#22044: *6503 [client [IP REMOVED]] ModSecurity: Access denied with code 403 (phase 2). Matched "Operator `Ge' with parameter `5' against variable `TX:ANOMALY_SCORE' (Value: `5' ) [file "/etc/nginx/modsec/coreruleset-3.3.0/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "80"] [id "949110"] [rev ""] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [data ""] [severity "2"] [ver "OWASP_CRS/3.3.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "[IP REMOVED]"] [uri "/api/discussions"] [unique_id "1627740301"] [ref ""], client: [IP REMOVED], server: mydomain.com, request: "POST /api/discussions HTTP/1.1", host: "mydomain.com", referrer: "https://mydomain.com/"
2021/07/31 16:05:02 [error] 22044#22044: *6505 [client [IP REMOVED]] ModSecurity: Access denied with code 403 (phase 2). Matched "Operator `Ge' with parameter `5' against variable `TX:ANOMALY_SCORE' (Value: `5' ) [file "/etc/nginx/modsec/coreruleset-3.3.0/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "80"] [id "949110"] [rev ""] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [data ""] [severity "2"] [ver "OWASP_CRS/3.3.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "[IP REMOVED]"] [uri "/api/discussions"] [unique_id "1627740302"] [ref ""], client: [IP REMOVED], server: mydomain.com, request: "POST /api/discussions HTTP/1.1", host: "mydomain.com", referrer: "https://mydomain.com/"
2021/07/31 16:05:03 [error] 22044#22044: *6506 [client [IP REMOVED]] ModSecurity: Access denied with code 403 (phase 2). Matched "Operator `Ge' with parameter `5' against variable `TX:ANOMALY_SCORE' (Value: `5' ) [file "/etc/nginx/modsec/coreruleset-3.3.0/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "80"] [id "949110"] [rev ""] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [data ""] [severity "2"] [ver "OWASP_CRS/3.3.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "[IP REMOVED]"] [uri "/api/discussions"] [unique_id "1627740303"] [ref ""], client: [IP REMOVED], server: mydomain.com, request: "POST /api/discussions HTTP/1.1", host: "mydomain.com", referrer: "https://mydomain.com/"
2021/07/31 16:05:04 [error] 22044#22044: *6507 [client [IP REMOVED]] ModSecurity: Access denied with code 403 (phase 2). Matched "Operator `Ge' with parameter `5' against variable `TX:ANOMALY_SCORE' (Value: `5' ) [file "/etc/nginx/modsec/coreruleset-3.3.0/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "80"] [id "949110"] [rev ""] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [data ""] [severity "2"] [ver "OWASP_CRS/3.3.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "[IP REMOVED]"] [uri "/api/discussions"] [unique_id "1627740304"] [ref ""], client: [IP REMOVED], server: mydomain.com, request: "POST /api/discussions HTTP/1.1", host: "mydomain.com", referrer: "https://mydomain.com/"
2021/07/31 16:05:05 [error] 22044#22044: *6499 [client [IP REMOVED]] ModSecurity: Access denied with code 403 (phase 2). Matched "Operator `Ge' with parameter `5' against variable `TX:ANOMALY_SCORE' (Value: `5' ) [file "/etc/nginx/modsec/coreruleset-3.3.0/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "80"] [id "949110"] [rev ""] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [data ""] [severity "2"] [ver "OWASP_CRS/3.3.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "[IP REMOVED]"] [uri "/api/discussions"] [unique_id "1627740305"] [ref ""], client: [IP REMOVED], server: mydomain.com, request: "POST /api/discussions HTTP/2.0", host: "mydomain.com", referrer: "https://mydomain.com/"
2021/07/31 16:05:06 [error] 22044#22044: *6503 [client [IP REMOVED]] ModSecurity: Access denied with code 403 (phase 2). Matched "Operator `Ge' with parameter `5' against variable `TX:ANOMALY_SCORE' (Value: `5' ) [file "/etc/nginx/modsec/coreruleset-3.3.0/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "80"] [id "949110"] [rev ""] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [data ""] [severity "2"] [ver "OWASP_CRS/3.3.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "[IP REMOVED]"] [uri "/api/discussions"] [unique_id "1627740306"] [ref ""], client: [IP REMOVED], server: mydomain.com, request: "POST /api/discussions HTTP/1.1", host: "mydomain.com", referrer: "https://mydomain.com/"
2021/07/31 16:05:07 [error] 22044#22044: *6499 [client [IP REMOVED]] ModSecurity: Access denied with code 403 (phase 2). Matched "Operator `Ge' with parameter `5' against variable `TX:ANOMALY_SCORE' (Value: `5' ) [file "/etc/nginx/modsec/coreruleset-3.3.0/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "80"] [id "949110"] [rev ""] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [data ""] [severity "2"] [ver "OWASP_CRS/3.3.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "[IP REMOVED]"] [uri "/api/discussions"] [unique_id "1627740307"] [ref ""], client: [IP REMOVED], server: mydomain.com, request: "POST /api/discussions HTTP/2.0", host: "mydomain.com", referrer: "https://mydomain.com/"
2021/07/31 16:05:25 [error] 22044#22044: *6499 [client [IP REMOVED]] ModSecurity: Access denied with code 403 (phase 2). Matched "Operator `Ge' with parameter `5' against variable `TX:ANOMALY_SCORE' (Value: `5' ) [file "/etc/nginx/modsec/coreruleset-3.3.0/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "80"] [id "949110"] [rev ""] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [data ""] [severity "2"] [ver "OWASP_CRS/3.3.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "[IP REMOVED]"] [uri "/api/discussions"] [unique_id "1627740325"] [ref ""], client: [IP REMOVED], server: mydomain.com, request: "POST /api/discussions HTTP/2.0", host: "mydomain.com", referrer: "https://mydomain.com/"
2021/07/31 16:05:36 [error] 22044#22044: *6499 [client [IP REMOVED]] ModSecurity: Access denied with code 403 (phase 2). Matched "Operator `Ge' with parameter `5' against variable `TX:ANOMALY_SCORE' (Value: `5' ) [file "/etc/nginx/modsec/coreruleset-3.3.0/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "80"] [id "949110"] [rev ""] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [data ""] [severity "2"] [ver "OWASP_CRS/3.3.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "[IP REMOVED]"] [uri "/"] [unique_id "1627740336"] [ref ""], client: [IP REMOVED], server: mydomain.com, request: "GET /?id=3%20or%20%27a%27=%27a%27 HTTP/2.0", host: "mydomain.com"
2021/07/31 16:07:51 [notice] 22057#22057: ModSecurity-nginx v1.0.2 (rules loaded inline/local/remote: 0/911/0)
2021/07/31 16:07:51 [notice] 22057#22057: signal process started
2021/07/31 16:17:11 [error] 22058#22058: *6637 open() "/var/www/mydomain.com/public/apple-touch-icon-precomposed.png" failed (2: No such file or directory), client: 240.37.170.248, server: mydomain.com, request: "GET /apple-touch-icon-precomposed.png HTTP/1.1", host: "mydomain.com"
2021/07/31 16:25:14 [error] 22058#22058: *6836 open() "/var/www/mydomain.com/public/fontawesome/css/all.css" failed (2: No such file or directory), client: 249.92.237.153, server: mydomain.com, request: "GET /fontawesome/css/all.css HTTP/1.1", host: "mydomain.com", referrer: "https://mydomain.com/"
2021/07/31 16:25:21 [notice] 22403#22403: ModSecurity-nginx v1.0.2 (rules loaded inline/local/remote: 0/911/0)
2021/07/31 16:25:21 [notice] 22403#22403: signal process started
2021/07/31 16:25:49 [error] 22405#22405: *6896 [client [IP REMOVED]] ModSecurity: Access denied with code 403 (phase 2). Matched "Operator `Ge' with parameter `5' against variable `TX:ANOMALY_SCORE' (Value: `5' ) [file "/etc/nginx/modsec/coreruleset-3.3.0/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "80"] [id "949110"] [rev ""] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [data ""] [severity "2"] [ver "OWASP_CRS/3.3.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "[IP REMOVED]"] [uri "/"] [unique_id "1627741549"] [ref ""], client: [IP REMOVED], server: mydomain.com, request: "GET /?id=3%20or%20%27a%27=%27a%27 HTTP/1.1", host: "mydomain.com"
2021/07/31 16:25:55 [error] 22405#22405: *6900 [client [IP REMOVED]] ModSecurity: Access denied with code 403 (phase 2). Matched "Operator `Ge' with parameter `5' against variable `TX:ANOMALY_SCORE' (Value: `5' ) [file "/etc/nginx/modsec/coreruleset-3.3.0/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "80"] [id "949110"] [rev ""] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [data ""] [severity "2"] [ver "OWASP_CRS/3.3.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "[IP REMOVED]"] [uri "/api/discussions"] [unique_id "1627741555"] [ref ""], client: [IP REMOVED], server: mydomain.com, request: "POST /api/discussions HTTP/1.1", host: "mydomain.com", referrer: "https://mydomain.com/"
2021/07/31 16:26:52 [notice] 22428#22428: ModSecurity-nginx v1.0.2 (rules loaded inline/local/remote: 0/911/0)
2021/07/31 16:26:52 [notice] 22428#22428: signal process started
2021/07/31 16:27:17 [error] 22429#22429: *6960 [client [IP REMOVED]] ModSecurity: Access denied with code 403 (phase 2). Matched "Operator `Ge' with parameter `5' against variable `TX:ANOMALY_SCORE' (Value: `5' ) [file "/etc/nginx/modsec/coreruleset-3.3.0/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "80"] [id "949110"] [rev ""] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [data ""] [severity "2"] [ver "OWASP_CRS/3.3.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "[IP REMOVED]"] [uri "/api/discussions"] [unique_id "1627741637"] [ref ""], client: [IP REMOVED], server: mydomain.com, request: "POST /api/discussions HTTP/2.0", host: "mydomain.com", referrer: "https://mydomain.com/"
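Added example, not part of this issue or of Flarum: a small Python parser for the `ModSecurity: Access denied` lines above, run over constructed sample lines that copy the log format (client addresses replaced with RFC 5737 documentation IPs). It groups the denials by request line and points out that rule 949110 alone does not say which CRS rules added to the anomaly score.

```python
import re
from collections import Counter

# Constructed sample modelled on the nginx error log quoted in this issue; client
# addresses are RFC 5737 documentation IPs, everything else follows the real format.
SAMPLE_LOG = """\
2021/07/31 16:05:25 [error] 22044#22044: *6499 [client 192.0.2.10] ModSecurity: Access denied with code 403 (phase 2). Matched "Operator `Ge' with parameter `5' against variable `TX:ANOMALY_SCORE' (Value: `5' ) [file "/etc/nginx/modsec/coreruleset-3.3.0/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "80"] [id "949110"] [rev ""] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [data ""] [severity "2"] [ver "OWASP_CRS/3.3.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "192.0.2.10"] [uri "/api/discussions"] [unique_id "1627740325"] [ref ""], client: 192.0.2.10, server: mydomain.com, request: "POST /api/discussions HTTP/2.0", host: "mydomain.com", referrer: "https://mydomain.com/"
2021/07/31 16:05:36 [error] 22044#22044: *6499 [client 192.0.2.10] ModSecurity: Access denied with code 403 (phase 2). Matched "Operator `Ge' with parameter `5' against variable `TX:ANOMALY_SCORE' (Value: `5' ) [file "/etc/nginx/modsec/coreruleset-3.3.0/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "80"] [id "949110"] [rev ""] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [data ""] [severity "2"] [ver "OWASP_CRS/3.3.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "192.0.2.10"] [uri "/"] [unique_id "1627740336"] [ref ""], client: 192.0.2.10, server: mydomain.com, request: "GET /?id=3%20or%20%27a%27=%27a%27 HTTP/2.0", host: "mydomain.com"
2021/07/31 16:17:11 [error] 22058#22058: *6637 open() "/var/www/mydomain.com/public/apple-touch-icon-precomposed.png" failed (2: No such file or directory), client: 192.0.2.11, server: mydomain.com, request: "GET /apple-touch-icon-precomposed.png HTTP/1.1", host: "mydomain.com"
2021/07/31 16:25:55 [error] 22405#22405: *6900 [client 192.0.2.10] ModSecurity: Access denied with code 403 (phase 2). Matched "Operator `Ge' with parameter `5' against variable `TX:ANOMALY_SCORE' (Value: `5' ) [file "/etc/nginx/modsec/coreruleset-3.3.0/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "80"] [id "949110"] [rev ""] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [data ""] [severity "2"] [ver "OWASP_CRS/3.3.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "192.0.2.10"] [uri "/api/discussions"] [unique_id "1627741555"] [ref ""], client: 192.0.2.10, server: mydomain.com, request: "POST /api/discussions HTTP/1.1", host: "mydomain.com", referrer: "https://mydomain.com/"
"""

CRS_BLOCKING_RULE = "949110"  # REQUEST-949-BLOCKING-EVALUATION: the final anomaly-score check

DENY_RE = re.compile(r"^(?P<ts>\S+ \S+) \[error\] .*?ModSecurity: Access denied with code "
                     r"(?P<status>\d+) \(phase (?P<phase>\d)\)")
FIELD_RE = re.compile(r'\[(?P<key>[a-z_]+) "(?P<val>[^"]*)"\]')   # [id "949110"], [uri "/"], ...
REQ_RE = re.compile(r'request: "(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
SCORE_RE = re.compile(r"Total Score: (\d+)")


def parse_deny(line):
    """Return the fields of one 'ModSecurity: Access denied' line, or None for other lines."""
    head = DENY_RE.match(line)
    if not head:
        return None
    fields, tags = {}, []
    for key, val in FIELD_RE.findall(line):
        if key == "tag":
            tags.append(val)          # a line carries several [tag "..."] entries
        else:
            fields[key] = val
    req = REQ_RE.search(line)
    score = SCORE_RE.search(fields.get("msg", ""))
    return {"timestamp": head["ts"], "status": int(head["status"]), "phase": int(head["phase"]),
            "rule_id": fields.get("id"), "uri": fields.get("uri"), "tags": tags,
            "method": req["method"] if req else None, "target": req["target"] if req else None,
            "anomaly_score": int(score[1]) if score else None}


def summarize(log_text):
    """Group denials by request line and say whether the audit log is still needed."""
    events = [e for e in map(parse_deny, log_text.splitlines()) if e]
    by_request = Counter((e["method"], e["target"]) for e in events)
    # 949110 only records that the inbound score reached the threshold; the rules that
    # added to the score are not in these lines and have to be read from the ModSecurity
    # audit log (part H) before a rule exclusion can be scoped to one target.
    needs_audit_log = bool(events) and all(e["rule_id"] == CRS_BLOCKING_RULE for e in events)
    return events, by_request, needs_audit_log
```

Running `summarize(SAMPLE_LOG)` separates the two blocked `POST /api/discussions` calls (the forum's own request) from the blocked `GET /?id=...` probe, and reports that the contributing rule ids still have to come from the audit log.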
tankerkiller125 commented 3 years ago

Looking through that log, it appears that your rewrite rules in Nginx aren't working, which might be triggering the error. Could you paste your Nginx config for Flarum?

MeowMeowVenom commented 3 years ago

/etc/nginx/nginx.conf

```nginx
user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;
include /usr/share/nginx/modules/*.conf;
load_module modules/ngx_http_modsecurity_module.so;

events {
    worker_connections 768;
    # multi_accept on;
}

http {

    modsecurity on;
    modsecurity_rules_file /etc/nginx/modsec/main.conf;

    # Pagespeed main settings
    pagespeed on;
    pagespeed FileCachePath /var/ngx_pagespeed_cache;
    # Ensure requests for pagespeed optimized resources go to the pagespeed
    # handler and no extraneous headers get set.
    # Note: "location" is only valid inside a server {} context; nginx -t rejects
    # these three blocks at the http level, so they belong in the site's server block.
    location ~ "\.pagespeed\.([a-z]\.)?[a-z]{2}\.[^.]{10}\.[^.]+" { add_header "" ""; }
    location ~ "^/ngx_pagespeed_static/" { }
    location ~ "^/ngx_pagespeed_beacon" { }

    ##
    # Basic Settings
    ##

    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    types_hash_max_size 2048;
    server_tokens off;
    server_names_hash_bucket_size 64;

    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    ##
    # SSL Settings
    ##

    ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE
    ssl_prefer_server_ciphers on;

    ##
    # Logging Settings
    ##

    log_format  custom  '"$http_x_forwarded_for" $remote_addr - $remote_user [$time_local] "$request" '
                        '$status $body_bytes_sent "$http_referer" '
                        '"$http_user_agent" ';

    access_log /var/log/nginx/access.log custom;
    error_log /var/log/nginx/error.log;

    #limit_req_zone $http_x_forwarded_for zone=one:1m rate=30r/m;

    ##
    # Gzip Settings
    ##

    gzip on;

    # gzip_vary on;
    # gzip_proxied any;
    # gzip_comp_level 6;
    # gzip_buffers 16 8k;
    # gzip_http_version 1.1;
    # gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;

    proxy_hide_header X-Powered-By;
    add_header X-Frame-Options SAMEORIGIN always;
    add_header "X-XSS-Protection" "1; mode=block";
#   add_header X-Frame-Options "SAMEORIGIN" always;

    # Cloudflare ranges: trust X-Forwarded-For from these proxies only
    set_real_ip_from 173.245.48.0/20;
    set_real_ip_from 103.21.244.0/22;
    set_real_ip_from 103.22.200.0/22;
    set_real_ip_from 103.31.4.0/22;
    set_real_ip_from 141.101.64.0/18;
    set_real_ip_from 108.162.192.0/18;
    set_real_ip_from 190.93.240.0/20;
    set_real_ip_from 188.114.96.0/20;
    set_real_ip_from 197.234.240.0/22;
    set_real_ip_from 198.41.128.0/17;
    set_real_ip_from 162.158.0.0/15;
    set_real_ip_from 172.64.0.0/13;
    set_real_ip_from 131.0.72.0/22;
    set_real_ip_from 104.16.0.0/13;
    set_real_ip_from 104.24.0.0/14;
    real_ip_header X-Forwarded-For;

    # Note: allow rules restrict nothing while "deny all" below stays commented out;
    # requests from any other address are still accepted.
#   allow localhost;
    allow 127.0.0.1;
    allow 173.245.48.0/20;
    allow 103.21.244.0/22;
    allow 103.22.200.0/22;
    allow 103.31.4.0/22;
    allow 141.101.64.0/18;
    allow 108.162.192.0/18;
    allow 190.93.240.0/20;
    allow 188.114.96.0/20;
    allow 197.234.240.0/22;
    allow 198.41.128.0/17;
    allow 162.158.0.0/15;
    allow 172.64.0.0/13;
    allow 131.0.72.0/22;
    allow 104.16.0.0/13;
    allow 104.24.0.0/14;
#   real_ip_header     CF-Connecting-IP;
#   deny all;

    include /etc/nginx/conf.d/*.conf;
#   include /etc/nginx/sites-enabled/*;
}

#mail {
#   # See sample authentication script at:
#   # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
#
#   # auth_http localhost/auth.php;
#   # pop3_capabilities "TOP" "USER";
#   # imap_capabilities "IMAP4rev1" "UIDPLUS";
#
#   server {
#       listen     localhost:110;
#       protocol   pop3;
#       proxy      on;
#   }
#
#   server {
#       listen     localhost:143;
#       protocol   imap;
#       proxy      on;
#   }
#}
```

domain config

```nginx
map $http_upgrade $type {
    default "web";
    websocket "ws";
}

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    # Caveat: add_header is inherited from the http level only when a block defines no
    # add_header of its own, so this server block drops the X-Frame-Options and
    # X-XSS-Protection headers set in nginx.conf unless they are repeated here.
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload";
    root /var/www/domain.com/public/;
    index index.php;
    server_name domain.com;
#    include /var/www/domain.com/domain/.nginx.conf;
#    ssl        on;
    ssl_certificate         /etc/ssl/certs/cert.pem;
    ssl_certificate_key     /etc/ssl/private/key.pem;

    if ($host != "domain.com") {
        return 403;
    }

#    location / {
#        try_files $uri $uri/ /index.php?$query_string;
#    }

    location ~ \.php$ {
        include snippets/fastcgi-php.conf;
        fastcgi_pass             unix:/var/run/php/php7.4-fpm.sock;
        fastcgi_param   SCRIPT_FILENAME $document_root$fastcgi_script_name;
    }

    include /var/www/domain.com/.nginx.conf;

    # Route websocket upgrades to @ws and everything else to @web (defined in .nginx.conf)
    location / {
        try_files /nonexistent @$type;
    }

    location @ws {
        proxy_pass             http://127.0.0.1:2083;
        proxy_read_timeout     60;
        proxy_connect_timeout  60;
        proxy_redirect         off;
        # Allow the use of websockets
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }

}

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;

    server_name monitor.domain.com;

    location / {
        proxy_pass "http://localhost:19999/";
    }

    if ($host != "monitor.domain.com") {
        return 403;
    }

    ssl_certificate         /etc/ssl/certs/cert.pem;
    ssl_certificate_key     /etc/ssl/private/key.pem;

}
```

I edited the default .nginx.conf from Flarum for br compression and websockets:

```nginx
# Pass requests that don't refer directly to files in the filesystem to index.php
location @web {
  try_files $uri $uri/ /index.php?$query_string;
}

# Uncomment the following lines if you are not using a `public` directory
# to prevent sensitive resources from being exposed.
location ~* ^/(\.git|composer\.(json|lock)|auth\.json|config\.php|flarum|storage|vendor) {
  deny all;
  return 404;
}

# The following directives are based on best practices from H5BP Nginx Server Configs
# https://github.com/h5bp/server-configs-nginx

# Expire rules for static content
location ~* \.(?:manifest|appcache|html?|xml|json)$ {
  add_header Cache-Control "max-age=0";
}

location ~* \.(?:rss|atom)$ {
  add_header Cache-Control "max-age=3600";
}

location ~* \.(?:jpg|jpeg|gif|png|ico|cur|gz|svg|mp4|ogg|ogv|webm|htc)$ {
  add_header Cache-Control "max-age=60d";
  access_log off;
}

location ~* \.(?:css|js)$ {
  add_header Cache-Control "max-age=60d";
  access_log off;
}

location ~* \.(?:ttf|ttc|otf|eot|woff|woff2)$ {
  add_header Cache-Control "max-age=60d";
  access_log off;
}

# Gzip compression
gzip on;
gzip_comp_level 9;
gzip_min_length 20;
gzip_proxied any;
gzip_vary on;
gzip_types
    application/atom+xml
    application/javascript
    application/json
    application/ld+json
    application/manifest+json
    application/rss+xml
    application/vnd.geo+json
    application/vnd.ms-fontobject
    application/x-font-ttf
    application/x-web-app-manifest+json
    application/xhtml+xml
    application/xml
    font/opentype
    image/bmp
    image/jpeg
    image/png
    image/svg+xml
    image/x-icon
    text/cache-manifest
    text/css
    text/javascript
    text/plain
    text/vcard
    text/vnd.rim.location.xloc
    text/vtt
    text/x-component
    text/x-cross-domain-policy;

# Brotli compression
brotli              on;
brotli_comp_level   11;
brotli_static       on;

brotli_types
    application/atom+xml
    application/javascript
    application/json
    application/ld+json
    application/manifest+json
    application/rss+xml
    application/vnd.geo+json
    application/vnd.ms-fontobject
    application/x-font-ttf
    application/x-web-app-manifest+json
    application/xhtml+xml
    application/xml
    font/opentype
    image/bmp
    image/jpeg
    image/png
    image/svg+xml
    image/x-icon
    text/cache-manifest
    text/css
    text/javascript
    text/plain
    text/vcard
    text/vnd.rim.location.xloc
    text/vtt
    text/x-component
    text/x-cross-domain-policy;
```

Edit: My config might seem messy; you may propose some changes to it 😅

MeowMeowVenom commented 3 years ago

Maybe Flarum can get a custom rule set, just like WordPress 🤔

tankerkiller125 commented 3 years ago

So just to be clear when you disable mod_security Flarum does work? Or it doesn't work properly?

MeowMeowVenom commented 3 years ago

Yes, it works perfectly fine.

Now, out of frustration, I removed mod_security completely (because I broke nginx today while I tried to install brotli).

luceos commented 3 years ago

Unless this becomes a common problem I don't think it makes sense for us to invest time on adding and maintaining a configuration for this nginx mod.

As a DevOps this is probably best delegated to you.