Feature Request: Change Request Body Limit / Request Body No Files Limit Parameter for os-OPNWAF "Web Application Firewall" #4229

Open
WAG-Adm opened this issue Sep 11, 2024 · 1 comment
WAG-Adm commented Sep 11, 2024

Important notices
Before you add a new report, we ask you kindly to acknowledge the following:

Is your feature request related to a problem? Please describe.
A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
The following error in the log of the web server is shown: ModSecurity: Request body no files data length is larger than the configured limit (131072).. Deny with code (413) when the plugin os-OPNWAF is used with the Nextcloud application server. The following parameters must be increased for the Nextcloud application server: SecRequestBodyLimit, SecRequestBodyNoFilesLimit (modsecurity.conf).
By correcting the parameters in the file directly some other errors are shown, like: REQUEST-920-PROTOCOL-ENFORCEMENT.conf id "920420" and REQUEST-911-METHOD-ENFORCEMENT.conf id "911100"

Describe the solution you'd like
A clear and concise description of what you want to happen.
It would be great to have some fields where we can set up the limit parameter for the files ourselves. We would also like the possibility to adapt the rules for the application server.
After some tests with Nextcloud, there are a lot of false positives that we need to correct with changes in the rule sets. Maybe the possibility to disable some IDs for a virtual server. That could be a great enhancement.

Describe alternatives you've considered
A clear and concise description of any alternative solutions or features you've considered.
If we can manage the rules in os-OPNWAF like in the Nginx plugin, it would also work. After reviewing the logs of the Web Application plugin, we have seen other problems, like the heartbeat of Nextcloud, which is blocked by the ModSecurity module (id "911100").

Additional context
Add any other context or screenshots about the feature request here.

@WAG-Adm WAG-Adm changed the title Change Request Body Limit / Request Body No Files Limit Parameter for os-OPNWAF "Web Application Firewall" Feature Request: Change Request Body Limit / Request Body No Files Limit Parameter for os-OPNWAF "Web Application Firewall" Sep 11, 2024
@Monviech Monviech self-assigned this Sep 11, 2024
@Monviech Monviech added the feature Adding new functionality label Sep 11, 2024
Member

Monviech commented Sep 11, 2024

FYI, in the next OPNWAF version there will be a feature to exclude individual rule IDs per virtual host, from a nifty dropdown menu where all rules are searchable.

I will add the request secrequest parameters as soon as possible too.

Forum PR: https://forum.opnsense.org/index.php?topic=42775
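
Added example (not code from the os-OPNWAF plugin or from either commenter): a triage of ModSecurity log entries for the two failure modes reported in this issue, grouped per virtual host so that a limit change or a rule-ID exclusion can be scoped to the host that needs it. The sample lines are constructed and abbreviated; the host names, URIs, client addresses and the `[hostname]`/`[uri]` tag layout are assumptions.

```python
import re
from collections import Counter, defaultdict

# Constructed, abbreviated sample lines in the style of the errors quoted in
# the issue; host names, URIs and client addresses are invented.
SAMPLE_LOG = '''\
[client 192.0.2.10] ModSecurity: Request body no files data length is larger than the configured limit (131072).. Deny with code (413) [hostname "cloud.example.com"] [uri "/remote.php/dav/files/alice/report.pdf"]
[client 192.0.2.10] ModSecurity: Warning. [file "REQUEST-911-METHOD-ENFORCEMENT.conf"] [id "911100"] [hostname "cloud.example.com"] [uri "/remote.php/dav/files/alice/"]
[client 192.0.2.11] ModSecurity: Warning. [file "REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [id "920420"] [hostname "cloud.example.com"] [uri "/remote.php/dav/files/bob/"]
[client 192.0.2.10] ModSecurity: Warning. [file "REQUEST-911-METHOD-ENFORCEMENT.conf"] [id "911100"] [hostname "cloud.example.com"] [uri "/remote.php/dav/files/alice/"]
[client 198.51.100.7] ModSecurity: Warning. [file "REQUEST-911-METHOD-ENFORCEMENT.conf"] [id "911100"] [hostname "shop.example.com"] [uri "/admin"]
'''

TAG = re.compile(r'\[(\w+) "([^"]*)"\]')
NO_FILES_LIMIT = re.compile(
    r"Request body no files data length is larger than the configured limit \((\d+)\)")

def triage(log_text):
    """Per virtual host: rule-ID hit counts, URIs per rule, and body-limit hits."""
    report = defaultdict(lambda: {"rules": Counter(), "uris": defaultdict(set),
                                  "no_files_limit_hits": Counter()})
    for line in log_text.splitlines():
        if "ModSecurity:" not in line:
            continue
        tags = dict(TAG.findall(line))
        host = report[tags.get("hostname", "<unknown>")]
        limit = NO_FILES_LIMIT.search(line)
        if limit:  # SecRequestBodyNoFilesLimit exceeded; key is the configured limit
            host["no_files_limit_hits"][int(limit.group(1))] += 1
        elif "id" in tags:
            host["rules"][tags["id"]] += 1
            host["uris"][tags["id"]].add(tags.get("uri", ""))
    return dict(report)

def exclusion_candidates(report, hostname):
    """Rule IDs seen for one host, most frequent first, with the URIs they hit."""
    host = report.get(hostname)
    if host is None:
        return []
    return [(rule_id, hits, sorted(host["uris"][rule_id]))
            for rule_id, hits in host["rules"].most_common()]

if __name__ == "__main__":
    summary = triage(SAMPLE_LOG)
    for name in summary:
        print(name, dict(summary[name]["no_files_limit_hits"]),
              exclusion_candidates(summary, name))
```

On the sample data, the 911100 hit against `/admin` on the second host is reported separately from the Nextcloud host, which is the distinction a global rule exclusion would hide.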
