Having Problems with WAF with Nextcloud behind it. Error: "413 Request Entity too large"

Hi,

I'am using the standard Mode which is 4(Most Restrictive).

I've already looked in the advanced shell, but there is nothing logged as restricted.

Please enable the debug logging as suggested here:

Hi,

I've found the following error related to the upload:

[Thu Feb 27 22:44:15.948735 2020] [security2:error] [pid 23885:tid 139679122720512] [client ***.***.***.***:51412] [client ***.***.***.***] ModSecurity: Request body no files data length is larger than the configured limit (1048576).. Deny with code (413) [hostname "***********"] [uri "/remote.php/dav/uploads/**********/501f9459ceeb6f12bbee63637795811e/0000000000000000-0000000002256745"] [unique_id "Xlg4L38AAAEAAF1NhhMAAAAf"]

But now the question is, how to fix this?

Regards

Hi,

I've found the following error related to the upload:

[Thu Feb 27 22:44:15.948735 2020] [security2:error] [pid 23885:tid 139679122720512] [client ***.***.***.***:51412] [client ***.***.***.***] ModSecurity: Request body no files data length is larger than the configured limit (1048576).. Deny with code (413) [hostname "***********"] [uri "/remote.php/dav/uploads/**********/501f9459ceeb6f12bbee63637795811e/0000000000000000-0000000002256745"] [unique_id "Xlg4L38AAAEAAF1NhhMAAAAf"]

But now the question is, how to fix this?

Regards

Based on the error,

the issue is this:

https://support.plesk.com/hc/en-us/articles/115001764933-Unable-to-edit-document-on-the-website-Request-body-no-files-data-length-is-larger-than-the-configured-limit-

but in XG there is no SecRequestBodyNoFilesLimit inside the /usr/apache/conf/waf/modsecurity.conf file.

I highly suggest to open a ticket with support and let us know.

Regards

An update:

there is another thread:

https://community.sophos.com/products/xg-firewall/f/firewall-and-policies/114221/413-request-entity-too-large#pi2151=2

and the solution is to update the psql DB.

Let us know if it works.

Also, please vote the feature request:

https://ideas.sophos.com/forums/330219-xg-firewall/suggestions/37834261-waf-possibility-to-edit-secrequestbodynofileslimit

Regards

Hi,

thank you for your answer, this worked!

FloSupport, could you investigate if this could be fixed in a Firmware Update?

Because always modifying the PostgreSQL after changing a setting in the Web Protection Rules isn't a really comfortable soloution.

Thanks for letting the community know. Since with some commands, it is possible to change the parameters, I guess that should not be so difficult to bring the feature inside the UI somewhere.

Let's see if FloSupport can find out.

Thanks again Dwayne Parker.

Hi,

 unfortunately, the Uploads are still failing.

When uploading big Files ( >100MB), the Upload stucks in the last few Bytes, and nothing happens for a few Seconds. Then Nextcloud says: "Upload failed due to an unknown Error.".

In the WAF log is a 408 Timeout error Logged, with only the source IP, although in the logs of the Server, there isn't this error

Further, after turning on the Debug Logging of the Proxy, there are some of this entries:

"[crit] Memory allocation failed, aborting process.", I think there is some bigger Problem with WAF in Version 18.

My Appliance has 6 GB of RAM and 256 GB SSD, so there should not be a Problem with too less disk space or RAM (The memory Consumption is around 30 - 40 %).

Again, uploading never were a problem in Version 17.5.

FloSupport I would be glad, if you could take a look at this Problem.

Hi,

any news or solutions on this topic?

Hi Dwayne,

There are long term plans to implement a CLI option to change these values, however no information is yet available regarding a version or date.

Apologies for the inconvenience caused.

Regards,

Hi,

thank you for your answer, unfortunately, the uploads are not working after changing the values, furthermore the proxy is logging critical Errors with the Memoryallocation.

The problem now is to fix this, and get the Uploads to work.

Regards

Any News on this?

Without having this fixed, WAF is pretty useless for me.