Enabling nextcloud exclusion --> Expecting an action, got: ctl:requestBodyLimit=1073741824"
Describe the bug
I have a nextcloud install (using modsecurity with the nginx connector), enabled the owasp nextcloud exclusions and everything runs fine - except uploading big files. So I tried to enable the commented-out, predefined rule in “rules/REQUEST-903.9003-NEXTCLOUD-EXCLUSION-RULES.conf”:
SecRule REQUEST_URI "@endsWith /index.php/apps/files/ajax/upload.php" \
"id:9003610,\
phase:1,\
t:none,\
nolog,\
ctl:requestBodyLimit=1073741824"
Expected behaviour
Big file uploads work
Actual behaviour
Testing the commented-out file results in an error. So running “nginx -t” gives: File: /etc/nginx/modsec/coreruleset-dev/rules/REQUEST-903.9003-NEXTCLOUD-EXCLUSION-RULES.conf. Line: 35. Column: 33. Expecting an action, got: ctl:requestBodyLimit=1073741824"
–> I can’t even enable the exclusion and don’t see why.
Your Environment
- CRS version: current dev branch
- Paranoia level setting: 1
- ModSecurity version: 3.0.4
- Web Server and version: nginx 1.19.10
- Operating System and version: Arch Linux, fully up to date
Issue Analytics
- State:
- Created 2 years ago
- Comments:7 (4 by maintainers)
Top GitHub Comments
@airween Thanks for your help and detailed answers, which helped a lot to understand the underlying problem! I will regularly check the docs you provided and update the config to the better “ctl:requestBodyLimit”-solution, once it’s available. Thanks for the quick support here.
Hi @mathsen,
thanks for the report.
Sorry to say, but it looks like you ran into a libmodsecurity3 bug (or rather a deficiency), namely libmodsecurity3 does not support the ctl:requestBodyLimit action.
First, you can check the (weak) documentation here. As you can see, this action is just in planning state (marked as TBI - I guess it means “to be implemented”).
But you can also check the source: the scanner (it’s a lexical analyzer) can’t recognize this token (ctl:requestBodyLimit), because it is not implemented yet. You can also check the list of implemented actions here. (Note: if a token exists in the scanner and the parser, it doesn’t mean that it works as you expect.)
Thank you again for your report - it’s very important feedback for us (it’s a commented rule therefore we did not notice it).
I do not close this issue yet, but appended it to the list of our monthly chat agenda. I’m afraid we can’t help you in this issue, but maybe we have to do something with that commented rule generally.
Sorry again.
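A pre-deployment check for the failure discussed in this thread, as an added example that is not part of the original issue and is not code from CRS or ModSecurity: it scans rule text for active (not commented-out) SecRule/SecAction directives that use a ctl option the engine rejects, so the problem is caught before “nginx -t” fails. The names `UNSUPPORTED_CTL`, `logical_lines` and `find_unsupported_ctl` are hypothetical; only `requestBodyLimit` in the deny-list comes from the thread, and the sample rules file is constructed.

```python
import re

# Assumption: ctl options the deployed libmodsecurity3 build rejects. Only
# requestBodyLimit is taken from the thread; extend the set for your build.
UNSUPPORTED_CTL = {"requestbodylimit"}
CTL_RE = re.compile(r"ctl:([A-Za-z]+)")
ID_RE = re.compile(r"\bid:'?(\d+)")

# Constructed sample: a commented-out rule, the rule from the issue enabled,
# and a made-up rule using a ctl option that is not on the deny-list.
SAMPLE = r'''# SecRule REQUEST_URI "@endsWith /upload.php" \
#     "id:9003610,phase:1,nolog,ctl:requestBodyLimit=1073741824"
SecRule REQUEST_URI "@endsWith /index.php/apps/files/ajax/upload.php" \
    "id:9003610,\
    phase:1,\
    t:none,\
    nolog,\
    ctl:requestBodyLimit=1073741824"
SecRule REQUEST_URI "@beginsWith /status.php" \
    "id:100001,phase:1,pass,nolog,ctl:ruleRemoveById=100002"
'''

def logical_lines(text):
    """Yield (first_line_no, directive), joining backslash continuations."""
    buf, start = [], None
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not buf and (not line or line.startswith("#")):
            continue  # blank or commented-out line outside a directive
        if start is None:
            start = no
        cont = line.endswith("\\")
        buf.append(line[:-1] if cont else line)
        if not cont:
            yield start, "".join(buf)
            buf, start = [], None
    if buf:  # file ended in the middle of a continued directive
        yield start, "".join(buf)

def find_unsupported_ctl(text, unsupported=UNSUPPORTED_CTL):
    """Return [(line_no, rule_id, ctl_option)] for active rules only."""
    findings = []
    for start, directive in logical_lines(text):
        if not directive.startswith(("SecRule", "SecAction")):
            continue
        rule_id = ID_RE.search(directive)
        for m in CTL_RE.finditer(directive):
            if m.group(1).lower() in unsupported:
                findings.append((start, rule_id.group(1) if rule_id else None, m.group(1)))
    return findings
```

Run it over each enabled `.conf` file in CI and fail the build when the returned list is non-empty.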