Hi folks, here is a new problem with CRS 3.0(.2). There is an nGinx with Modsecurity 3.0, and CRS 3.0.2, and an Apache backend, which serves a webmail (Roundcube).
When I try to import my GPG key through the upload, I got 403 Forbidden answer. Here are the details: HTTP req: POST https://webmail.mydomain.com/?_task=settings&_action=plugin.enigmakeys&_a=import&_unlock=loading1503472197200 ... Content-Length 4443 Content-Type multipart/form-data; boundary=---------------------------186567636118947579521451609378 HTTP resp: 403 Forbidden Content of audit.log: ---3U4kCbBk---A-- [23/Aug/2017:09:10:32 +0200] 15034722321.000000 client.ip.addr 51048 client.ip.addr 443 ---3U4kCbBk---B-- POST /?_task=settings&_action=plugin.enigmakeys&_a=import&_unlock=loading1503472197200 HTTP/1.1 Connection: keep-alive Referer: https://webmail.mydomain.com/?_task=settings&_framed=1&_action=plugin.enigmakeys&_a=import Content-Type: multipart/form-data; boundary=---------------------------186567636118947579521451609378 Accept-Encoding: gzip, deflate, br Cookie: language=hu; _ga=GA1.2.817NNNNNN.14NNNNNNNN; roundcube_sessid=sessionidtoken; roundcube_sessauth=sessauthidtoken Content-Length: 4443 Accept-Language: hu-HU,hu;q=0.8,en-US;q=0.5,en;q=0.3 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:55.0) Gecko/20100101 Firefox/55.0 Host: webmail.mydomain.com Upgrade-Insecure-Requests: 1 ---3U4kCbBk---D-- ---3U4kCbBk---E-- ³É(Éͱãå²ÉHML±³)É,ÉIµ310VpË/JÊLIIͳ ... ... ---3U4kCbBk---F-- Server: nginx/1.6.2 Date: Wed, 23 Aug 2017 07:10:32 GMT Content-Type: text/html Connection: keep-alive Content-Encoding: gzip ---3U4kCbBk---H-- ModSecurity: Warning. Matched "Operator `Eq' with parameter `0' against variable `MULTIPART_UNMATCHED_BOUNDARY' (Value: `1' ) [file "/etc/nginx/modsecurity.conf"] [line "66"] [id "200004"] [rev ""] [msg "Multipart parser detected a possible unmatched boundary."] [data ""] [severity "0"] [ver ""] [maturity "0"] [accuracy "0"] [ref "v810,1"] ---3U4kCbBk---I-- ---3U4kCbBk---J-- ---3U4kCbBk---Z-- Here is the detail of POST request: -----------------------------186567636118947579521451609378 Content-Disposition: form-data; name="_token" nEWGe3VUF9R1K7d0SSx4rZRYkYeN849B -----------------------------186567636118947579521451609378 Content-Disposition: form-data; name="_framed" 1 -----------------------------186567636118947579521451609378 Content-Disposition: form-data; name="_file"; filename="airween_at_gmail.com.asc" Content-Type: text/plain -----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v1 mQINBFhwuigBEAC+gnmOXXTEtedn5hqcjLirPM6phHGLdeqVUsD0sRDWFjgcoh7b ... =G+Dl -----END PGP PUBLIC KEY BLOCK----- -----------------------------186567636118947579521451609378 Content-Disposition: form-data; name="_search" -----------------------------186567636118947579521451609378-- This error occures when I upload the .asc file above, when I try to upload a "simple" csv, or png, everything works as well. What should I do? How can I fix this error? Thanks, a. _______________________________________________ Owasp-modsecurity-core-rule-set mailing list Owasp-modsecurity-core-rule-set@lists.owasp.org https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
