Guest User!

You are not Sophos Staff.

Thread Info
  • State Verified Answer
  • +3 person also asked this people also asked this
  • Locked Locked
  • Replies 24 replies
  • Subscribers 33 subscribers
  • Views 17157 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Having Problems with WAF with Nextcloud behind it. Error: "413 Request Entity too large"

Dwayne Parker

Hi,

 

I am using a Nextcloud behind a XG with WAF enabled. This worked until version 18 of XG. Now I am getting 413 Request Enitity too large Errors as soon as I am enabling "Common threat filter", Antivirus or Cookie Signing in the Protection Policy.

The WebServerProtection Log's in XG are showing the requests as allowed, but with HTTP Status Code 413. In the Logs of the server, there's nothing found.

Could someone advise me how to fix this?

 

P.S. After some research, I've read in the Nextcloud Forums that if a NGINX Reverseproxy is used, the configuration key "client_max_body_size" has to be set to a higher value.



This thread was automatically locked due to age.
Parents
  • 0

    Having just updated to v18 from 17.5.9 we're having the exact same issue with Nextcloud behind the WAF. Our instance is probably a bit of a special case because it gets daily uploads of multiple files in excess of 40GB each, so "upping the value a little bit" doesn't help, and erring on the side of caution and setting the value equivalent to 100GB doesn't work because the integer is too big.

    This all worked fine without any database tinkering in v17 so it certainly appears to be a v18 bug rather than an issue with Nextcloud or our WAF policies. For now we've had to cripple our WAF policy but I'm subscribing to this thread in the hope of a proper fix as opposed to a nasty workaround. Cheers.

  • +2 in reply to Mike Watt

    Hi All,

    After following up with our Development team (NC-55441), they have informed me that:

    • The Nextcloud server uses WebDAV for file upload, which is not fully supported by WAF at this time.

    Apologies for the inconvenience caused.

    Regards,

    Florentino
    Director, Global Community & Digital Support
    Are you a Sophos Partner? | Product Documentation@SophosSupport | Sign up for SMS Alerts
    If a post solves your question, please use the 'Verify Answer' button.
    The Award-winning Home of Sophos Support Videos! - Visit Sophos Techvids
  • 0 in reply to FloSupport

    Hi,

     

     is there a Fix scheduled for this Issue? If so, when could we expect the Fix to be released?

     

    Regards,

    Dwayne Parker

    _______________________________________________

    Sophos XG User

  • 0 in reply to FloSupport

    Hello,  

    Could you please clarify the support for WebDAV by the WAF component of the XG?

    Specifically:

    Does Sophos XG 17.5 support WebDAV behind the WAF component?

    Does Sophos XG 18 support WebDAV behind the WAF component?

    If not, is their a plan to support WebDAV in the WAF within the next 6 months?

    Can you recommend an approach to protecting a WebDAV server with the XG firewall if the WAF component is not designed to do this?

     

    Thank you for any suggestions and answers you can offer.

  • 0 in reply to J_87586

    I don't know if WebDAV is *supported* in 17.5 (as in they will provide support if you have issues) but it definitely *works*in 17.5.

    In 18 it's completely broken unless you disable the Common Threat Filters category entirely, which largely cripples the WAF protection.

Reply
  • 0 in reply to J_87586

    I don't know if WebDAV is *supported* in 17.5 (as in they will provide support if you have issues) but it definitely *works*in 17.5.

    In 18 it's completely broken unless you disable the Common Threat Filters category entirely, which largely cripples the WAF protection.

Children
No Data
Unfiltered HTML