-
Notifications
You must be signed in to change notification settings - Fork 24
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
500 error for big request body without files #11
Comments
Interesting! Do you have any logging from any container? |
No not yet, I will enable logs and check again |
Let me try to summarize all my tests:
All of the above seems correct right, that's what we expect from them. |
Have you been able to reproduce it by chance? |
any updates on this? |
I might be encountering this issue in prod. Maybe it's better to write some test and try to trigger this error using docker-compose, or any other method that is reproducible |
definiately need this support as well |
I'm trying but I can't reproduce. Can you share your traefik configuration? Something that we can reproduce? (docker-compose / kubernetes) |
I removed everything which is not relevant for the problem, so that you can directly see the relevant configuration:
Please note that POSTing a file bigger than |
I'm not sure if the plugin is causing this, or if it's the owasp container. That's why I opened the same issue on the owasp container: coreruleset/modsecurity-crs-docker#85
I have a form which submits base64 images, so the request body size is somewhere in the 8Mb.
On the owasp container, If I don't specify
MODSEC_REQ_BODY_NOFILES_LIMIT
with a big number, then I will see the modsec rule200002
to fire.If I specify
MODSEC_REQ_BODY_NOFILES_LIMIT
with a big enough number (25Mb in my case), the modsec container will not show any errors, however my page will display a500 Internal Server Error
.If I don't use modsec at all, my page does not show any error.
Would anyone have a clue why this is happening?
To be clear, I'm not uploading files, just big text body content.
The reason I'm also posting here, is because the rule will correctly fire if I leave its default value of 128Kb. So I assume it can correctly handle such big request body. So if it can handle it, it must fail somewhere else I would guess.
And when the rule correctly fires, I still see a 500 error on my webpage, so I assume there is still something wrong going on somewhere
I am using the plugin in its version 1.2.1, with maxBodySize: 26214400
I also tried version 1.1.0 with the same result
The text was updated successfully, but these errors were encountered: