
WAF - 500 Internal Server Error

Hello,

I have a question about the WAF.
I'm trying to "harden" my Nextcloud further and I'm doing pretty well on exceptions for certain paths and OWASP IDs:

  

However, I now get a 500 Internal Server Error when arming the Web Server Policy.

The logfile unfortunately only tells me the following and I don't really see how the 500 is caused:

[Fri May 15 14:57:23.999289 2020] [form_hardening:error] [pid 31497:tid 140100859967232] [client x.x.x.x:64325] Failed to validate form: Received unhardened form data (1)
[Fri May 15 14:57:23.999318 2020] [security2:error] [pid 31497:tid 140100859967232] [client x.x.x.x:64325] [client x.x.x.x] ModSecurity: Error reading request body: Permission denied [hostname "x.x.x.x.com"] [uri "/login"] [unique_id "Xr6Rs38AAAEAAHsJCeEAAACK"]
[Fri May 15 14:57:23.997650 2020] timestamp="1589547443" srcip="x.x.x.x" localip="x.x.x.x" user="-" method="POST" statuscode="500" reason="Form Hardening" extra="Received unhardened form data" exceptions="SkipFormHardening" duration="2218" url="/login" server="x.x.x.x.com" referer="-" cookie="ocadc83b19e7=3c37e6dc39ea0cfb156332b895a47381; oc_sessionPassphrase=we9R77W5qWHgIFV1r3XCq2iqSb6KS7Lm6DG4nuYJVyNzy4K%2Fb%2BXSzZVtOqqUjXMsQAU8ctHPlw6Im80iu3p50X25uV%2FREB69J%2Fah8vDWTQT%2BRBXOz4Y6Pnfp36vkVwUG; __Host-nc_sameSiteCookielax=true; __Host-nc_sameSiteCookiestrict=true; HASH_ocadc83b19e7=9cbf4ea074230946258f1e9b8a21a0b76b902051; HASH_oc_sessionPassphrase=07c6f27cffa20f505a3c826393d1c00be324dda0; HASH___Host-nc_sameSiteCookielax=0f59ded9742a4c197275fda6e2efe287cdc5b7e8; HASH___Host-nc_sameSiteCookiestrict=5ffc9c972b7b89aa5e826a6c96c639db0a947f66" set-cookie="-" recvbytes="2110" sentbytes="4844" protocol="HTTP/1.1" ctype="text/html" uagent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.138 Safari/537.36" querystring="" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" ruleid="12"
[Fri May 15 14:57:24.236749 2020] [form_hardening:error] [pid 31497:tid 140100843181824] (22)Invalid argument: [client x.x.x.x:64326] No form context found when parsing <input> tag
[Fri May 15 14:57:24.236780 2020] [form_hardening:error] [pid 31497:tid 140100843181824] (22)Invalid argument: [client x.x.x.x:64326] No form context found when parsing <input> tag
[Fri May 15 14:57:24.236791 2020] [form_hardening:error] [pid 31497:tid 140100843181824] (22)Invalid argument: [client x.x.x.x:64326] No form context found when parsing <input> tag
[Fri May 15 14:57:24.236799 2020] [form_hardening:error] [pid 31497:tid 140100843181824] (22)Invalid argument: [client x.x.x.x:64326] No form context found when parsing <input> tag
[Fri May 15 14:57:24.236808 2020] [form_hardening:error] [pid 31497:tid 140100843181824] (22)Invalid argument: [client x.x.x.x:64326] No form context found when parsing <input> tag
[Fri May 15 14:57:24.192233 2020] timestamp="1589547444" srcip="x.x.x.x" localip="x.x.x.x" user="-" method="GET" statuscode="200" reason="-" extra="-" exceptions="SkipFormHardening" duration="47924" url="/login" server="x.x.x.x.com" referer="-" cookie="ocadc83b19e7=3c37e6dc39ea0cfb156332b895a47381; oc_sessionPassphrase=we9R77W5qWHgIFV1r3XCq2iqSb6KS7Lm6DG4nuYJVyNzy4K%2Fb%2BXSzZVtOqqUjXMsQAU8ctHPlw6Im80iu3p50X25uV%2FREB69J%2Fah8vDWTQT%2BRBXOz4Y6Pnfp36vkVwUG; __Host-nc_sameSiteCookielax=true; __Host-nc_sameSiteCookiestrict=true" set-cookie="-" recvbytes="993" sentbytes="4817" protocol="HTTP/1.1" ctype="text/html" uagent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.138 Safari/537.36" querystring="" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" ruleid="12"
^C
SFVH_VM01_SFOS 18.0.0 GA-Build354.HF051220.1#

I recognize the red marked text excerpts as a possible error, but I still see that an exception is working. Why do I still get this error?
Does anyone have an idea?

Best regards
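An added example, not part of the original post: a small Python parser for the key="value" access records shown above. It lists requests that were answered with an error status for a reason whose matching Skip exception is listed on the same record. The sample lines are constructed with placeholder addresses and host names; the comma-separated exception list and the "Skip" + reason name matching are assumptions.

```python
import re

KV = re.compile(r'(\w+)="([^"]*)"')

# Constructed sample lines in the record format from the post (placeholder IPs/host).
SAMPLE = [
    '[Fri May 15 14:57:23.997650 2020] timestamp="1589547443" srcip="192.0.2.10" '
    'method="POST" statuscode="500" reason="Form Hardening" '
    'extra="Received unhardened form data" exceptions="SkipFormHardening" '
    'url="/login" server="cloud.example.com" ruleid="12"',
    '[Fri May 15 14:57:24.192233 2020] timestamp="1589547444" srcip="192.0.2.10" '
    'method="GET" statuscode="200" reason="-" extra="-" '
    'exceptions="SkipFormHardening" url="/login" server="cloud.example.com" ruleid="12"',
    '[Fri May 15 14:57:24.236749 2020] [form_hardening:error] [pid 31497:tid 1] '
    '(22)Invalid argument: [client 192.0.2.10:64326] No form context found',
]


def parse_record(line):
    """Return the key="value" fields of an access record, or None for other lines."""
    fields = dict(KV.findall(line))
    if fields.get("statuscode", "").isdigit() and "reason" in fields:
        return fields
    return None  # module error lines carry no key="value" pairs


def _norm(text):
    # "Form Hardening" -> "formhardening", "SkipFormHardening" -> "skipformhardening"
    return re.sub(r"[^a-z]", "", text.lower())


def blocked_despite_exception(lines):
    """Records with status >= 400 whose reason has a matching Skip exception listed."""
    hits = []
    for line in lines:
        rec = parse_record(line)
        if rec is None or rec["reason"] == "-" or int(rec["statuscode"]) < 400:
            continue
        # Assumption: several exceptions would be separated by commas or spaces.
        names = [n for n in re.split(r"[,\s]+", rec.get("exceptions", "")) if n not in ("", "-")]
        if any(_norm(n) == "skip" + _norm(rec["reason"]) for n in names):
            hits.append(rec)
    return hits


if __name__ == "__main__":
    for rec in blocked_despite_exception(SAMPLE):
        print(rec["method"], rec["url"], rec["statuscode"], rec["reason"], rec["exceptions"])
```
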


