Open cerebox opened 10 months ago
Hello @cerebox ,
What is the Content-Type for these requests? Is it 'multipart/form-data'? Or something else?
Are you using SecRequestBodyLimit? If so, what is its size compared to the size of the body in the request?
Hello @martinhsv
The Content-Type of the request is multipart/form-data.
I tried both without and with SecRequestBodyLimit and SecRequestBodyNoFilesLimit, with these values:
SecRequestBodyLimit 524288000
SecRequestBodyNoFilesLimit 524288000
I have a different behavior this time: the nginx worker is killed by the OOM reaper.
Hello @cerebox ,
SecRequestBodyAccess Off has never truly shut off access to the request body in ModSecurity v3. The current behaviour of this setting is non-intuitive and problematic (see #2465 for some additional detail). Use with caution or not at all (the latter would be my suggestion).
ProcessPartial is also usually not the best choice. See my two comments from Feb. 17, 2022 beginning here: https://github.com/SpiderLabs/ModSecurity/issues/1471#issuecomment-1042962449
Regarding your proposed code change, I believe it is a good one. It looks like the original fix from 2017 did not take into account that the file might have increased in size after the call to reserve().
Hello! I'm trying to set up ModSecurity but I'm dealing with issues when uploading large files.
At first I had issues uploading files so I set SecRequestBodyAccess to Off, which is working fine for files up to ~800MB, but with larger files (1.3GB) nginx is still crashing.
Logs and dumps
Output of:
Expected behavior
I expected body not to be loaded in memory as SecRequestBodyAccess is set to Off and SecRequestBodyLimitAction is set to ProcessPartial.
Server:
Rule Set: OWASP coreruleset v3.3.5
Additional context
This issue is similar to https://github.com/SpiderLabs/ModSecurity/issues/1517
Would this patch be acceptable? I have tested it with large files and nginx does not crash with it. Thanks.