Guest User!

You are not Sophos Staff.

Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 11 replies
  • Subscribers 28 subscribers
  • Views 15956 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Exchange / WAF - OWA, ActiveSync 1MB File Limit - SFOS 19 GA

F Neumann

I'm getting following error in WAF-log:

ModSecurity: Request body no files data length is larger than the configured limit (1048576)

Is there a new switch in gui or command line to increase 1 MB limit in V19? There were forum posts some years and some month ago that indicated there would be a solution in future? 

Anything i can do except contacting support? KB-article?

Are these command for advanced shell still usable in V19? still only temporary fix?

## 1. find correct ID:
psql -U nobody -d corporate -c "select name,id,sec_request_body_no_files_limit from tblwafsecurityprofile;"

## 2. Update limit with previously selected ID:
psql -U nobody -d corporate -c "update tblwafsecurityprofile set sec_request_body_no_files_limit='52428800' where id ='7';"

## 3. Check successfully updated value for sec_request_body_no_files_limit:
psql -U nobody -d corporate -c "select name,id,sec_request_body_no_files_limit from tblwafsecurityprofile;"

## 4. Update config:
opcode waf_reconfig -t json -b '{"Entity": "waf_advanced_config", "Event": "UPDATE"}' -ds nosync



This thread was automatically locked due to age.
  • 0

    You should contact Support to get this applied to your system

    __________________________________________________________________________________________________________________

  • +1

    Hello ,

    You can refer the following commands below, before executing ensure to take a backup of the existing config: 

    psql -U nobody -d corporate -c "select id, name, comment, sec_request_body_no_files_limit from tblwafsecurityprofile;"

    id | name | comment | sec_request_body_no_files_limit
    ----+---------------------------+---------------------------+---------------------------------
    4 | Microsoft Lync | Microsoft Lync | 1048576
    5 | Microsoft RDG 2008 | Microsoft RDG 2008 | 1048576
    6 | Microsoft RD Web 2008 | Microsoft RD Web 2008 | 1048576
    3 | Exchange Outlook Anywhere | Exchange Outlook Anywhere | 1048576
    1 | Exchange AutoDiscover | Exchange AutoDiscover | 1048576
    2 | Exchange General | Exchange General | 1048576
    7 | Exchange General (neu) | Exchange General | 1048576
    (7 rows)

    You can run the following to increase to 52 MB for example
    (for 52MB value will be 5,242,880)

    Support can help you update the size from 1 to your desire value, an example is shown above, with that reference value you can contact support. 

    ==========================================================

    Thanks & Regards,
    _______________________________________________________________

    Vivek Jagad | Team Lead, Global Support & Services 


    Sophos Community | Product Documentation | Sophos Techvids | SMS
    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to Vivek Jagad

    Thanks, @Vivek! 52MB is fine. Will that change stay reboot and gui-waf-update persistent?

  • 0 in reply to F Neumann

    Please do not change this at your own. You will revoke your entire Support by doing this. 

    __________________________________________________________________________________________________________________

  • 0 in reply to F Neumann

    Yes that will be reboot persistent !! 

    Thanks & Regards,
    _______________________________________________________________

    Vivek Jagad | Team Lead, Global Support & Services 


    Sophos Community | Product Documentation | Sophos Techvids | SMS
    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to LuCar Toni

    So why @Vivek (=Sophos Staff?) posting this, if not supported? What about an official KB articel for this? 1MB Size limit probably not suitable in many WAF-configurations?

  • 0 in reply to F Neumann

    What   means is just, perform the action under a Sr Support level engineer rather than by your own, as this are database commands !! 

    Thanks & Regards,
    _______________________________________________________________

    Vivek Jagad | Team Lead, Global Support & Services 


    Sophos Community | Product Documentation | Sophos Techvids | SMS
    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to F Neumann

    Essentially the answer to your question is on the Release Notes // Known Issue list:docs.sophos.com/.../index.html

    NC-85063 WAF WAF does not permit file uploads larger than 1 MB in OWA. Contact Sophos Support.

    __________________________________________________________________________________________________________________

  • 0 in reply to LuCar Toni

    Yes, Known Issue since UTM ... and through all XG Versions... What about an official, self deployable solution, instead waiting 2-3 days to get Sr. Support Level Session for such a basic setting?!

  • 0 in reply to F Neumann

    It is not an issue at all. It is a mod security feature to protect the setup. Essentially it is a general feature of Mod security to not allow such big content through the reverseproxy as it could be used by other methods of attack vectors. 

    By increasing this value for all profiles, it could generally be an increase attack vector. Therefore it is per default a small value (1 MB). 

    Currently there are way to investigate to change this via Console/Webadmin but DEV is working on other priorities as WAF for Exchange is loosing it use cases per day basis (customers moving to Exchange Online/M365). 

    __________________________________________________________________________________________________________________

Unfiltered HTML