Mac ownCloud desktop client and Calendar.app over privacy VPN

Description

Originally filed as owncloud/core#39109.

Audit Logs / Triggered Rule Numbers

[Thu Aug 12 01:42:04.791801 2021] [:error] [pid 735:tid 4087120979712] [client ….….….…:43070] [client ….….….…] ModSecurity: Warning. Pattern match "(?:get|post|head|options|connect|put|delete|trace|track|patch|propfind|propatch|mkcol|copy|move|lock|unlock)\\\\s+(?:\\\\/|\\\\w)[^\\\\s]*(?:\\\\s+http\\\\/\\\\d|[\\\\r\\\\n])" at REQUEST_BODY. [file "/dh/apache2/template/etc/mod_sec3_CRS/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "52"] [id "921110"] [msg "HTTP Request Smuggling Attack"] [data "Matched Data: propfind xmlns:d=\\x22dav:\\x22>\\x0a found within REQUEST_BODY: <?xml version=\\x221.0\\x22 ?>\\x0a<d:propfind xmlns:d=\\x22dav:\\x22>\\x0a  <d:prop>\\x0a    <d:getlastmodified />\\x0a  </d:prop>\\x0a</d:propfind>\\x0a"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.2"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272/220/33"] [hostname "…"] [uri "/remote.php/webdav/"] [unique_id "…"]
[Thu Aug 12 01:42:04.795182 2021] [:error] [pid 735:tid 4087120979712] [client ….….….…:43070] [client ….….….…] ModSecurity: Access denied with code 418 (phase 2). Operator GE matched 7 at TX:anomaly_score. [file "/dh/apache2/template/etc/mod_sec3_CRS/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "93"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.2"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "…"] [uri "/remote.php/webdav/"] [unique_id "…"]
[Fri Aug 13 01:48:07.565414 2021] [:error] [pid 15257:tid 4087120979712] [client ….….….…:22550] [client ….….….…] ModSecurity: Warning. Pattern match "(?:get|post|head|options|connect|put|delete|trace|track|patch|propfind|propatch|mkcol|copy|move|lock|unlock)\\\\s+(?:\\\\/|\\\\w)[^\\\\s]*(?:\\\\s+http\\\\/\\\\d|[\\\\r\\\\n])" at REQUEST_BODY. [file "/dh/apache2/template/etc/mod_sec3_CRS/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "52"] [id "921110"] [msg "HTTP Request Smuggling Attack"] [data "Matched Data: propfind xmlns:a=\\x22dav:\\x22>\\x0a found within REQUEST_BODY: <?xml version=\\x221.0\\x22 encoding=\\x22utf-8\\x22?>\\x0a<a:propfind xmlns:a=\\x22dav:\\x22>\\x0a  <a:prop>\\x0a    <b:calendar-home-set xmlns:b=\\x22urn:ietf:params:xml:ns:caldav\\x22/>\\x0a    <b:calendar-user-address-set xmlns:b=\\x22urn:ietf:params:xml:ns:caldav\\x22/>\\x0a    <a:current-user-principal/>\\x0a    <a:displayname/>\\x0a    <c:dropbox-home-url xmlns:c=\\x22http://calendarserver.org/ns/\\x22/>\\x0a    <c:email-address-set xmlns:c=\\..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.2"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia- [hostname "…"] [uri "/remote.php/dav/"] [unique_id "…"]
[Fri Aug 13 01:48:07.570392 2021] [:error] [pid 15257:tid 4087120979712] [client ….….….…:22550] [client ….….….…] ModSecurity: Access denied with code 418 (phase 2). Operator GE matched 7 at TX:anomaly_score. [file "/dh/apache2/template/etc/mod_sec3_CRS/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "93"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.2"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "…"] [uri "/remote.php/dav/"] [unique_id "…"]

Your Environment

  • Client(s)
  • Server
    • DreamHost (apache, mod_security)

Confirmation

  • I have removed any personal data (email addresses, IP addresses, passwords, domain names) from any logs posted.

Issue Analytics

  • State: closed
  • Created 2 years ago
  • Comments: 9 (5 by maintainers)
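
As an added example (not part of the original issue, and not ModSecurity or CRS code), the sketch below replays the rule 921110 pattern from the log lines above against the logged PROPFIND body to show which bytes the rule read as an HTTP request line. The `triage` helper and its start-tag heuristic are hypothetical, and `CONSTRUCTED_BODY` is a constructed contrast input.

```python
import re

# Rule 921110's pattern as it appears in the log lines above, with the
# log's doubled backslash escaping undone.
RULE_921110 = re.compile(
    r"(?:get|post|head|options|connect|put|delete|trace|track|patch|propfind"
    r"|propatch|mkcol|copy|move|lock|unlock)"
    r"\s+(?:\/|\w)[^\s]*(?:\s+http\/\d|[\r\n])"
)


def unescape_logged(data):
    """Undo the \\xNN escaping used in a logged [data "..."] field."""
    return re.sub(r"\\+x([0-9a-fA-F]{2})",
                  lambda m: chr(int(m.group(1), 16)), data)


def triage(body):
    """Classify the first 921110 match in an already-lowercased body.

    Returns None when the pattern does not match, otherwise
    (kind, matched_text). kind is 'xml-element-name' when the matched
    verb is the name of an XML start tag, 'request-line' otherwise.
    """
    m = RULE_921110.search(body)
    if m is None:
        return None
    # Hypothetical heuristic: is the text left of the match "<" or "<prefix:"?
    in_tag = re.search(r"<(?:[\w.-]+:)?$", body[:m.start()]) is not None
    return ("xml-element-name" if in_tag else "request-line", m.group(0))


# Body copied from the [data ...] field of the first log line above.
LOGGED_BODY = unescape_logged(
    r'<?xml version=\\x221.0\\x22 ?>\\x0a<d:propfind xmlns:d=\\x22dav:\\x22>\\x0a'
    r'  <d:prop>\\x0a    <d:getlastmodified />\\x0a  </d:prop>\\x0a</d:propfind>\\x0a'
)
# Constructed contrast case: a request line embedded in a body.
CONSTRUCTED_BODY = "a=1\r\nget /index.html http/1.1\r\n"

if __name__ == "__main__":
    print(triage(LOGGED_BODY))       # match starts inside <d:propfind ...>
    print(triage(CONSTRUCTED_BODY))  # match is a literal request line
```

The match on the logged body is the WebDAV element name `propfind` followed by its namespace attribute and a newline, which is the same text the log reports as "Matched Data".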

Top GitHub Comments

dune73 commented, Sep 26, 2021 (1 reaction)

Ah, good thinking, or the content-type is not set correctly, so rule 200000 does not identify it as XML.

posita commented, Sep 26, 2021 (0 reactions)

Hmmm…I have no control over setting the content type. The request is coming from OS X’s Calendar.app.
