Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 3 replies
  • Subscribers 2 subscribers
  • Views 2874 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

WAF ModSecurity: Deny with code (413)

MatthiasLang

Hallo zusammen,

ich betreibe hinter meiner Sophos UTM 9.703-3 (WAF) einen Nextcloud Server.
Beim Versuch heute ein PDF mit einer Größe von 2,2 MB von meinem iPAD über die Nextcloud App auf den Server zu laden wurde der Upload mit dem Fehler 413: Datei zu Groß abgebrochen.

Im WAF Log der Firewall befindet sich folgender Eintrag:

2020:08:31-20:10:38 sgw01 httpd[10913]: [security2:error] [pid 10913:tid 4037176176] [client xx.xx.xx.xx:55006] [client xx.xx.xx.xx] ModSecurity: Request body no files data length is larger than the configured limit (1048576).. Deny with code (413) [hostname "myhostname.de"] [uri "/nextcloud/remote.php/webdav/DasPDF.pdf"] [unique_id "X009HVjqEhN2mZM2Yau-QwAAAAs"]
2020:08:31-20:10:38 sgw01 httpd: id="0299" srcip="xx.xx.xx.xx" localip="192.168.178.2" size="400" user="-" host="xx.xx.xx.xx" method="PUT" statuscode="413" reason="-" extra="-" exceptions="-" time="529202" url="/nextcloud/remote.php/webdav/DasPDF.pdf" server="myhostname.de" port="443" query="" referer="-" cookie="och23i0rng3y=hoglv9ke4dfq05jvbr8qh5dm3l; nc_sameSiteCookielax=true; nc_sameSiteCookiestrict=true; oc_sessionPassphrase=GmFTdzYOVaK08hIW4NHQu6FwkBQ3RHaFdF%2FnFlro8p3sFSzUt%2F7n41Wi3uWpB1r8vz3UH21lxeS0e7Vy6aaIAfzcS1fGDzgl2PlfFNuHJgl0OuyW0tvBF2qwIbTsgvuo" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="X009HVjqEhN2mZM2Yau-QwAAAAs"

Schalte ich das Firewall Profil in der WAF ab funktioniert der Upload einwandfrei.

Gibt es eine Möglichkeit das Problem in den Griff zu bekommen ohne das Firewall Profil zu deaktivieren?

Auf der UTM läuft eine Home Lizenz. 






This thread was automatically locked due to age.
  • 0

    Hallo Matthias,

    (Sorry, my German-speaking brain isn't creating thoughts at the moment. [:(])

    Check out this thread: ownCloud - Upload Limit (Content-Length).  I found that by doing a Google on site:community.sophos.com/products/unified-threat-management statuscode="413".

    I would ask Sophos Support for permission to do this if you have a paid license.  If this is a home-use situation and you try the trick I linked you to, please come back here and tell us if it was successful and how much RAM you have for the UTM.

    MfG - Bob (Bitte auf Deutsch weiterhin.)

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • FormerMember
    0 FormerMember

    Hi Matthias Lang,

    Thank you for reaching out to the Community! 

    Could you please provide more logs via PM when you replicate this issue and provide the source IP address. 

    Thanks,

  • 0 in reply to BAlfson

    Hi BAlfson,

    i have also found this Artikle via Google.

    But is not working in my Configuration :(

Unfiltered HTML