
Big file in the request

Open Maxch3306 opened this issue 1 year ago • 5 comments

When I upload a file bigger than 10MB it always has this error. Please help. When I turn off the WAF the file upload works fine. Log:

 [Tue Sep 03 03:22:51.118117 2024] [proxy:error] [pid 24:tid 78] (70007)The timeout specified has expired: [client 172.22.0.8:43200] AH01084: pass request body failed to 172.22.0.2:80 (dummy), referer: https://domain.com/

 [Tue Sep 03 03:22:51.118180 2024] [proxy_http:error] [pid 24:tid 78] [client 172.22.0.8:43200] AH01097: pass request body failed to 172.22.0.2:80 (dummy) from 172.22.0.8 (), referer: https://domain.com/
traefik:
        image: 'traefik:v2.10'
        command:
            - '--log.level=DEBUG'
            - '--log.filePath=/log/log'
            - '--accessLog.filePath=/log/access'
            - '--api.dashboard=true'
            - '--providers.docker=true'
            - '--providers.docker.exposedbydefault=false'
            - '--entrypoints.web.address=:80'
            - '--entrypoints.web.http.redirections.entryPoint.to=websecure'
            - '--entrypoints.web.http.redirections.entryPoint.scheme=https'
            - '--entrypoints.websecure.address=:443'
            #WAF
            - --experimental.plugins.traefik-modsecurity-plugin.modulename=github.com/acouvreur/traefik-modsecurity-plugin
            - --experimental.plugins.traefik-modsecurity-plugin.version=v1.3.0
        ports:
            - '80:80'
            - '443:443'
        volumes:
            - '/var/run/docker.sock:/var/run/docker.sock:ro'
            - './letsencrypt:/letsencrypt'
            - './log:/log'
        labels:
            - traefik.enable=true
            - traefik.http.routers.traefik.rule=Host(`traefik.${DOMAIN}`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))
            - traefik.http.routers.traefik.service=api@internal
            - traefik.http.routers.traefik.entrypoints=websecure
            - traefik.http.routers.traefik.tls.certresolver=le
            #WAF
            - traefik.http.middlewares.waf.plugin.traefik-modsecurity-plugin.modSecurityUrl=http://waf:8080
            - traefik.http.middlewares.waf.plugin.traefik-modsecurity-plugin.maxBodySize=2147483648
            - traefik.http.middlewares.waf.plugin.traefik-modsecurity-plugin.timeoutMillis=600000
waf:
        image: owasp/modsecurity-crs:apache
        environment:
            - PARANOIA=2
            - ANOMALY_INBOUND=10
            - ANOMALY_OUTBOUND=5
            - BACKEND=http://dummy
            - MODSEC_REQ_BODY_LIMIT=2097152000
# Dummy service that always returns status HTTP 200 to WAF container
dummy:
        image: traefik/whoami

Maxch3306 avatar Sep 03 '24 03:09 Maxch3306

Same here.

eriCCsan avatar Sep 25 '24 08:09 eriCCsan

I think 10 MB is the default maximum size of the request body:

https://github.com/acouvreur/traefik-modsecurity-plugin/blob/0ced6bdcb5621a6172937b6fe4bb5208744337c9/modsecurity.go#L30

But you can configure it as described in the README:

https://github.com/acouvreur/traefik-modsecurity-plugin#configuration

thomas-mc-work avatar Dec 15 '24 12:12 thomas-mc-work

I think 10 MB is the default maximum size of the request body:

traefik-modsecurity-plugin/modsecurity.go, line 30 in 0ced6bd:

MaxBodySize: 10 * 1024 * 1024,

But you can configure it as described in the README:

https://github.com/acouvreur/traefik-modsecurity-plugin#configuration

It doesn't work. My traefik labels:

  - traefik.http.middlewares.test-waf.plugin.traefik-modsecurity-plugin.modSecurityUrl=http://waf-test:8080
  - traefik.http.middlewares.test-waf.plugin.traefik-modsecurity-plugin.maxBodySize=1073741824

and modsecurity env:

  - MODSEC_RULE_ENGINE=DetectionOnly
  - PARANOIA=1
  - ANOMALY_INBOUND=10
  - ANOMALY_OUTBOUND=5
  - TIMEOUT=1800
  - PROXY_TIMEOUT=1800
  - MAX_FILE_SIZE=1073741824
  - COMBINED_FILE_SIZES=1073741824
  - MODSEC_REQ_BODY_LIMIT=1073741824
  - MODSEC_REQ_BODY_NOFILES_LIMIT=1073741824
  - MODSEC_AUDIT_LOG=/var/log/modsec_audit.json
  - MODSEC_AUDIT_LOG_FORMAT=JSON
  - MODSEC_AUDIT_LOG_PARTS=ABDEFHIJZ
  - MODSEC_AUDIT_LOG_TYPE=Serial
  - BACKEND=http://dummy-test

dummy is traefik/whoami

I can't upload files larger than 10MB

rhsmart avatar Apr 25 '25 10:04 rhsmart

Hey, do we have a solution or workaround for the issue? I have combined different configurations, but I still couldn't upload large files.

Plugin:

Traefik-modsecurity-plugin:
   maxBodySize: 1073741824
   timeoutMillis: 1800000

modsecurity env:

- TIMEOUT=1800
- PROXY_TIMEOUT=1800
- MAX_FILE_SIZE=1073741824
- COMBINED_FILE_SIZES=1073741824
- MODSEC_REQ_BODY_LIMIT=1073741824
- MODSEC_REQ_BODY_NOFILES_LIMIT=1073741824
- MODSEC_REQ_BODY_LIMIT_ACTION=ProcessPartial

modsecurity-override.conf (duplicates the env vars, but I just want to make sure Apache/ModSecurity picks up the configuration):

Timeout      1800
ProxyTimeout 1800

The upload keeps waiting until the 1800 timeout.

honghainguyen777 avatar Jun 05 '25 08:06 honghainguyen777

Updated: I decided to create my own dummy backend instead of using traefik/whoami, which allows only 10KiB for the request body limit.

My simple Go backend (dockerfile):

package main

import (
	"io"
	"log"
	"net/http"
)

func main() {
	// one handler for every path & method
	http.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
		// drain the entire body (important for keep-alive reuse)
		io.Copy(io.Discard, r.Body)
		r.Body.Close()
		w.WriteHeader(http.StatusOK) // 200 for everything
	})
	log.Fatal(http.ListenAndServe(":80", nil))
}

Everything seems to work now (even with the default TIMEOUT, PROXY_TIMEOUT, MODSEC_REQ_BODY_LIMIT, etc.).

honghainguyen777 avatar Jun 06 '25 09:06 honghainguyen777
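As an added example (not the commenter's code and not part of the plugin), a variant of the Go dummy backend above that bounds how much body it drains: up to a limit it answers 200, one byte over it answers 413 immediately and closes the connection, so mod_proxy in the WAF container gets a status instead of hanging until ProxyTimeout. The 1 GiB default and the BODY_LIMIT env var name are assumptions for this example; pick a value equal to the plugin's maxBodySize so the dummy never refuses a body the WAF already accepted.

```go
package main

import (
	"io"
	"log"
	"net/http"
	"os"
	"strconv"
)

// defaultBodyLimit is a constructed value (1 GiB) matching the
// maxBodySize=1073741824 used in this thread.
const defaultBodyLimit int64 = 1073741824

// parseLimit turns the BODY_LIMIT env var (an assumed name) into a byte
// count; empty, non-numeric or non-positive input falls back to the default.
func parseLimit(s string) int64 {
	n, err := strconv.ParseInt(s, 10, 64)
	if err != nil || n <= 0 {
		return defaultBodyLimit
	}
	return n
}

// drainHandler is the "always 200" dummy with a bound on how much it reads.
// Reading limit+1 bytes through a LimitReader tells us whether the body
// overflowed without buffering any of it.
func drainHandler(limit int64) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		defer r.Body.Close()
		n, err := io.Copy(io.Discard, io.LimitReader(r.Body, limit+1))
		if err != nil {
			http.Error(w, "failed to read request body", http.StatusBadRequest)
			return
		}
		if n > limit {
			// Do not let the proxy reuse a connection with an undrained body.
			w.Header().Set("Connection", "close")
			http.Error(w, "request body too large", http.StatusRequestEntityTooLarge)
			return
		}
		w.WriteHeader(http.StatusOK)
	})
}

func main() {
	limit := parseLimit(os.Getenv("BODY_LIMIT"))
	log.Fatal(http.ListenAndServe(":80", drainHandler(limit)))
}
```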