Am 01.12.2016 um 10:53 schrieb Ehsan Mahdavi:
It isn't very odd to me if Matej uses Nginx with Modsec V2.x.
As an experienced Nginx + Modsec V2.x(nginx_refactoring) user, it
looks like to a known bug. While using nginx+modsecV2.x in reverse
proxy mode (which is not the case for Matej) we have the very same
issue for some post requests.
I can refer you to these links:
All complaining about this problem and no one takes the responsibility.
The only way is to disable modsec for the requested uri and wait for
the community to release modsec V3.0 or higher and hope that this bug
will be fixed.
Meantime he/she might findctl:ruleEngine=off
I didn't follow all the bugs and issues but how can I reproduce this?
I have a running test setup with nginx 1.11.5, Modsecurity-nginx
connector (source 2 weeks old) and Modsecurity v3.
Then I could try to find out if it's already fixed ..
Owasp-modsecurity-core-rule-set mailing list