Guest User!

You are not Sophos Staff.

Thread Info
  • State Verified Answer
  • +3 person also asked this people also asked this
  • Locked Locked
  • Replies 24 replies
  • Subscribers 33 subscribers
  • Views 17146 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Having Problems with WAF with Nextcloud behind it. Error: "413 Request Entity too large"

Dwayne Parker

Hi,

 

I am using a Nextcloud behind a XG with WAF enabled. This worked until version 18 of XG. Now I am getting 413 Request Enitity too large Errors as soon as I am enabling "Common threat filter", Antivirus or Cookie Signing in the Protection Policy.

The WebServerProtection Log's in XG are showing the requests as allowed, but with HTTP Status Code 413. In the Logs of the server, there's nothing found.

Could someone advise me how to fix this?

 

P.S. After some research, I've read in the Nextcloud Forums that if a NGINX Reverseproxy is used, the configuration key "client_max_body_size" has to be set to a higher value.



This thread was automatically locked due to age.
  • 0 in reply to lferrara

    Hi,

     

     unfortunately, the Uploads are still failing.

    When uploading big Files ( >100MB), the Upload stucks in the last few Bytes, and nothing happens for a few Seconds. Then Nextcloud says: "Upload failed due to an unknown Error.".

    In the WAF log is a 408 Timeout error Logged, with only the source IP, although in the logs of the Server, there isn't this error

    Further, after turning on the Debug Logging of the Proxy, there are some of this entries:

    "[crit] Memory allocation failed, aborting process.", I think there is some bigger Problem with WAF in Version 18.

    My Appliance has 6 GB of RAM and 256 GB SSD, so there should not be a Problem with too less disk space or RAM (The memory Consumption is around 30 - 40 %).

    Again, uploading never were a problem in Version 17.5.

     I would be glad, if you could take a look at this Problem.

    _______________________________________________

    Sophos XG User

  • 0 in reply to Dwayne Parker

    Hi,

     

    any news or solutions on this topic?

    _______________________________________________

    Sophos XG User

  • 0 in reply to Dwayne Parker

    Hi Dwayne,

    There are long term plans to implement a CLI option to change these values, however no information is yet available regarding a version or date.

    Apologies for the inconvenience caused.

    Regards,

    Florentino
    Director, Global Community & Digital Support
    Are you a Sophos Partner? | Product Documentation@SophosSupport | Sign up for SMS Alerts
    If a post solves your question, please use the 'Verify Answer' button.
    The Award-winning Home of Sophos Support Videos! - Visit Sophos Techvids
  • 0 in reply to FloSupport

    Hi,

     

    thank you for your answer, unfortunately, the uploads are not working after changing the values, furthermore the proxy is logging critical Errors with the Memoryallocation.

    The problem now is to fix this, and get the Uploads to work.

     

    Regards

    _______________________________________________

    Sophos XG User

  • 0 in reply to Dwayne Parker

    Any News on this?

    Without having this fixed, WAF is pretty useless for me.

    _______________________________________________

    Sophos XG User

  • 0

    Having just updated to v18 from 17.5.9 we're having the exact same issue with Nextcloud behind the WAF. Our instance is probably a bit of a special case because it gets daily uploads of multiple files in excess of 40GB each, so "upping the value a little bit" doesn't help, and erring on the side of caution and setting the value equivalent to 100GB doesn't work because the integer is too big.

    This all worked fine without any database tinkering in v17 so it certainly appears to be a v18 bug rather than an issue with Nextcloud or our WAF policies. For now we've had to cripple our WAF policy but I'm subscribing to this thread in the hope of a proper fix as opposed to a nasty workaround. Cheers.

  • +2 in reply to Mike Watt

    Hi All,

    After following up with our Development team (NC-55441), they have informed me that:

    • The Nextcloud server uses WebDAV for file upload, which is not fully supported by WAF at this time.

    Apologies for the inconvenience caused.

    Regards,

    Florentino
    Director, Global Community & Digital Support
    Are you a Sophos Partner? | Product Documentation@SophosSupport | Sign up for SMS Alerts
    If a post solves your question, please use the 'Verify Answer' button.
    The Award-winning Home of Sophos Support Videos! - Visit Sophos Techvids
  • 0 in reply to FloSupport

    Hi,

     

     is there a Fix scheduled for this Issue? If so, when could we expect the Fix to be released?

     

    Regards,

    Dwayne Parker

    _______________________________________________

    Sophos XG User

  • 0 in reply to FloSupport

    Hello,  

    Could you please clarify the support for WebDAV by the WAF component of the XG?

    Specifically:

    Does Sophos XG 17.5 support WebDAV behind the WAF component?

    Does Sophos XG 18 support WebDAV behind the WAF component?

    If not, is their a plan to support WebDAV in the WAF within the next 6 months?

    Can you recommend an approach to protecting a WebDAV server with the XG firewall if the WAF component is not designed to do this?

     

    Thank you for any suggestions and answers you can offer.

  • 0 in reply to J_87586

    I don't know if WebDAV is *supported* in 17.5 (as in they will provide support if you have issues) but it definitely *works*in 17.5.

    In 18 it's completely broken unless you disable the Common Threat Filters category entirely, which largely cripples the WAF protection.

Unfiltered HTML