
WAF - 500 Internal Server Error

Hello,

I have a question about the WAF.
I'm trying to "harden" my Nextcloud further and I'm doing pretty well on exceptions for certain paths and OWASP IDs:


However, I now get a 500 Internal Server Error when arming the Web Server Policy.

The logfile unfortunately only tells me the following and I don't really see how the 500 is caused:

[Fri May 15 14:57:23.999289 2020] [form_hardening:error] [pid 31497:tid 140100859967232] [client x.x.x.x:64325] Failed to validate form: Received unhardened form data (1)
[Fri May 15 14:57:23.999318 2020] [security2:error] [pid 31497:tid 140100859967232] [client x.x.x.x:64325] [client x.x.x.x] ModSecurity: Error reading request body: Permission denied [hostname "x.x.x.x.com"] [uri "/login"] [unique_id "Xr6Rs38AAAEAAHsJCeEAAACK"]
[Fri May 15 14:57:23.997650 2020] timestamp="1589547443" srcip="x.x.x.x" localip="x.x.x.x" user="-" method="POST" statuscode="500" reason="Form Hardening" extra="Received unhardened form data" exceptions="SkipFormHardening" duration="2218" url="/login" server="x.x.x.x.com" referer="-" cookie="ocadc83b19e7=3c37e6dc39ea0cfb156332b895a47381; oc_sessionPassphrase=we9R77W5qWHgIFV1r3XCq2iqSb6KS7Lm6DG4nuYJVyNzy4K%2Fb%2BXSzZVtOqqUjXMsQAU8ctHPlw6Im80iu3p50X25uV%2FREB69J%2Fah8vDWTQT%2BRBXOz4Y6Pnfp36vkVwUG; __Host-nc_sameSiteCookielax=true; __Host-nc_sameSiteCookiestrict=true; HASH_ocadc83b19e7=9cbf4ea074230946258f1e9b8a21a0b76b902051; HASH_oc_sessionPassphrase=07c6f27cffa20f505a3c826393d1c00be324dda0; HASH___Host-nc_sameSiteCookielax=0f59ded9742a4c197275fda6e2efe287cdc5b7e8; HASH___Host-nc_sameSiteCookiestrict=5ffc9c972b7b89aa5e826a6c96c639db0a947f66" set-cookie="-" recvbytes="2110" sentbytes="4844" protocol="HTTP/1.1" ctype="text/html" uagent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.138 Safari/537.36" querystring="" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" ruleid="12"
[Fri May 15 14:57:24.236749 2020] [form_hardening:error] [pid 31497:tid 140100843181824] (22)Invalid argument: [client x.x.x.x:64326] No form context found when parsing <input> tag
[Fri May 15 14:57:24.236780 2020] [form_hardening:error] [pid 31497:tid 140100843181824] (22)Invalid argument: [client x.x.x.x:64326] No form context found when parsing <input> tag
[Fri May 15 14:57:24.236791 2020] [form_hardening:error] [pid 31497:tid 140100843181824] (22)Invalid argument: [client x.x.x.x:64326] No form context found when parsing <input> tag
[Fri May 15 14:57:24.236799 2020] [form_hardening:error] [pid 31497:tid 140100843181824] (22)Invalid argument: [client x.x.x.x:64326] No form context found when parsing <input> tag
[Fri May 15 14:57:24.236808 2020] [form_hardening:error] [pid 31497:tid 140100843181824] (22)Invalid argument: [client x.x.x.x:64326] No form context found when parsing <input> tag
[Fri May 15 14:57:24.192233 2020] timestamp="1589547444" srcip="x.x.x.x" localip="x.x.x.x" user="-" method="GET" statuscode="200" reason="-" extra="-" exceptions="SkipFormHardening" duration="47924" url="/login" server="x.x.x.x.com" referer="-" cookie="ocadc83b19e7=3c37e6dc39ea0cfb156332b895a47381; oc_sessionPassphrase=we9R77W5qWHgIFV1r3XCq2iqSb6KS7Lm6DG4nuYJVyNzy4K%2Fb%2BXSzZVtOqqUjXMsQAU8ctHPlw6Im80iu3p50X25uV%2FREB69J%2Fah8vDWTQT%2BRBXOz4Y6Pnfp36vkVwUG; __Host-nc_sameSiteCookielax=true; __Host-nc_sameSiteCookiestrict=true" set-cookie="-" recvbytes="993" sentbytes="4817" protocol="HTTP/1.1" ctype="text/html" uagent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.138 Safari/537.36" querystring="" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" ruleid="12"
^C
SFVH_VM01_SFOS 18.0.0 GA-Build354.HF051220.1#

I recognize the red-marked text excerpts as a possible error, but I still see that an exception is working. Why do I still get this error?
Does anyone have an idea?

Best regards



  • Okay, sorry for my mistake - I was able to fix it myself and get the Nextcloud running with active server protection.
    In the exceptions of the Nextcloud firewall policy, you have to completely disable the form hardening for /login and /logout:

    The problem is solved now.
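As an added example (not code from this thread or from Sophos), a small Python parser for the key="value" access-log lines quoted in the question: it picks out requests the WAF rejected with reason "Form Hardening", counts them per URL path so you can see which paths (here /login and /logout, as in the fix above) need an exception, and flags entries where a SkipFormHardening exception was already applied but the request was still rejected, which is the situation the question shows. The sample log lines, client addresses and hostnames are constructed.

```python
import re
from collections import Counter

# Constructed sample in the key="value" style of the WAF access log quoted in the
# question; addresses and hostnames are placeholders, not real data.
SAMPLE_LOG = '''\
[Fri May 15 14:57:23.997650 2020] timestamp="1589547443" srcip="203.0.113.10" localip="192.0.2.1" user="-" method="POST" statuscode="500" reason="Form Hardening" extra="Received unhardened form data" exceptions="SkipFormHardening" duration="2218" url="/login" server="cloud.example.com" ruleid="12"
[Fri May 15 14:57:24.192233 2020] timestamp="1589547444" srcip="203.0.113.10" localip="192.0.2.1" user="-" method="GET" statuscode="200" reason="-" extra="-" exceptions="SkipFormHardening" duration="47924" url="/login" server="cloud.example.com" ruleid="12"
[Fri May 15 14:58:01.000000 2020] timestamp="1589547481" srcip="203.0.113.10" localip="192.0.2.1" user="-" method="POST" statuscode="500" reason="Form Hardening" extra="Received unhardened form data" exceptions="-" duration="1900" url="/logout" server="cloud.example.com" ruleid="12"
[Fri May 15 14:58:05.000000 2020] timestamp="1589547485" srcip="203.0.113.10" localip="192.0.2.1" user="-" method="GET" statuscode="200" reason="-" extra="-" exceptions="-" duration="300" url="/index.php/apps/files" server="cloud.example.com" ruleid="12"
'''

# key="value" pairs; the value may contain spaces and semicolons (cookies, reasons).
KV_RE = re.compile(r'(\w+)="((?:[^"\\]|\\.)*)"')


def parse_line(line):
    """Return the key/value fields of one access-log line as a dict (empty if none found)."""
    return dict(KV_RE.findall(line))


def form_hardening_blocks(log_text):
    """Yield (url, method, statuscode, exceptions) for requests rejected with reason Form Hardening."""
    for line in log_text.splitlines():
        f = parse_line(line)
        if f.get("reason") == "Form Hardening":
            yield (f.get("url", "-"), f.get("method", "-"),
                   f.get("statuscode", "-"), f.get("exceptions", "-"))


def blocked_paths(log_text):
    """Count Form Hardening rejections per URL path (the paths that need an exception)."""
    return Counter(url for url, _, _, _ in form_hardening_blocks(log_text))


def blocked_despite_exception(log_text):
    """URLs rejected by Form Hardening even though a SkipFormHardening exception was applied."""
    return sorted({url for url, _, _, exc in form_hardening_blocks(log_text)
                   if "SkipFormHardening" in exc})


if __name__ == "__main__":
    for url, count in blocked_paths(SAMPLE_LOG).items():
        print(f"{url}: {count} request(s) rejected by Form Hardening")
    print("rejected despite exception:", blocked_despite_exception(SAMPLE_LOG))
```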

