upload file failed. #2658
Comments
|
maybe bug in multipart.cc |
|
should same as 1900 |
|
Hello @877509395 , Did you change rule 200004, from the default? to instead be: If so, in future please include such important details (especially non-default settings) in your reports. I do not recommend changing 200004 from the default content in modsecurity.conf-recommended. There are known issues related to the setting of '2'. If a multipart request body contains only one part that is one problem situation for the '2' setting. If you want to know more about this you can have a look at: |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Describe the bug
curl -F "filename=@file_name_to_be_upload" www.test00003.com
but "403 Forbidden" received.
the key info:
ModSecurity: Access denied with code 403 (phase 2). Matched "Operator
Eq' with parameter0' against variableMULTIPART_UNMATCHED_BOUNDARY' **(Value:2'** ) [file "/usr/local/nginx/conf/rules/modsecurity.conf"] [line "74"] [id "200004"] [rev ""] [msg "Multipart parser detected a possible unmatched boundary."] [data ""] [severity "0"] [ver ""] [maturity "0"] [accuracy "0"] [hostname "172.18.0.3"] [uri "/"] [unique_id "1640166975"] [ref "v181,1"][root@localhost work]# curl --version
curl 7.80.0 (x86_64-pc-linux-gnu) libcurl/7.80.0 zlib/1.2.7 OpenLDAP/2.4.44
Release-Date: 2021-11-10
Protocols: dict file ftp gopher http imap ldap mqtt pop3 rtsp smtp telnet tftp
Features: alt-svc AsynchDNS IPv6 Largefile libz UnixSockets
Logs and dumps
attached.
Notice: Be carefully to not leak any confidential information.
Server (please complete the following information):
Rule Set (please complete the following information):
core rule
debug.log
audit.log
3.4
The text was updated successfully, but these errors were encountered: