Plesk - ModSecurity - iOS-App error 403 and 502 #1154

Closed
dkoeh opened this issue Feb 12, 2020 · 3 comments

Expected behaviour

Should work...

Actual behaviour

Opening the app results first in a 502 and then in a 403.

[attached screenshots: IMG_1777, IMG_1778]

Steps to reproduce

1. ModSecurity with Atomic Advanced on Plesk Obsidian 18.0.23 Update 4
2. Open the iOS app
3. Error 502
4. Error 403

The log file usually contains this kind of error message:

[modsecurity] [client xxx] [domain cloud.xxx.de] [207] [/apache/20200212/20200212-1118/20200212-111834-XkPQ@i6QtWm6VQBQVu1lAQAAAUU] [file "/etc/httpd/conf/modsecurity.d/rules/tortix/modsec/10_asl_rules.conf"] [line "96"] [id "392301"] [rev "7"] [msg "Atomicorp.com WAF Rules: Request Containing Content, but Missing Content-Type header"] [severity "NOTICE"] [tag "no_ar"] Warning. Match of "rx ^0$" against "REQUEST_HEADERS:Content-Length" required.

The ModSecurity log file shows:

--5a0a7532-A--
[12/Feb/2020:11:18:34 +0100] XkPQ@i6QtWm6VQBQVu1lAQAAAUU xxx 7081
--5a0a7532-B--
REPORT /remote.php/dav/files/username HTTP/1.0
Host: cloud.xxx.de
X-Real-IP: xxx
X-Accel-Internal: /internal-nginx-static-location
Connection: close
Content-Length: 1148
accept: */*
accept-language: en-DE;q=1.0, de-DE;q=0.9
authorization: Basic [redacted]
ocs-apirequest: true
user-agent: Mozilla/5.0 (iOS) Nextcloud-iOS/2.25.7
accept-encoding: br;q=1.0, gzip;q=0.9, deflate;q=0.8
cookie: __Host-nc_sameSiteCookielax=true; __Host-nc_sameSiteCookiestrict=true; oc_sessionPassphrase=[redacted]; ocv6iedovq4s=[redacted]

--5a0a7532-C--

<oc:filter-files xmlns:d="DAV:" xmlns:oc="http://owncloud.org/ns" xmlns:nc="http://nextcloud.org/ns">
  <d:prop>
    <d:getlastmodified />
    <d:getetag />
    <d:getcontenttype />
    <d:resourcetype />
    <d:quota-available-bytes />
    <d:quota-used-bytes />
    <d:creationdate />

    <permissions xmlns="http://owncloud.org/ns"/>
    <id xmlns="http://owncloud.org/ns"/>
    <fileid xmlns="http://owncloud.org/ns"/>
    <size xmlns="http://owncloud.org/ns"/>
    <favorite xmlns="http://owncloud.org/ns"/>
    <share-types xmlns="http://owncloud.org/ns"/>
    <owner-id xmlns="http://owncloud.org/ns"/>
    <owner-display-name xmlns="http://owncloud.org/ns"/>
    <comments-unread xmlns="http://owncloud.org/ns"/>

    <is-encrypted xmlns="http://nextcloud.org/ns"/>
    <has-preview xmlns="http://nextcloud.org/ns"/>
    <mount-type xmlns="http://nextcloud.org/ns"/>
    <rich-workspace xmlns="http://nextcloud.org/ns"/>
  </d:prop>
  <oc:filter-rules>
    <oc:favorite>1</oc:favorite>
  </oc:filter-rules>
</oc:filter-files>
--5a0a7532-F--
HTTP/1.1 207 Multi-Status
X-Powered-By: PHP/7.3.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Content-Security-Policy: default-src 'none';
Referrer-Policy: no-referrer
X-Content-Type-Options: nosniff
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-Robots-Tag: none
X-XSS-Protection: 1; mode=block
Connection: close
Content-Type: application/xml; charset=utf-8

--5a0a7532-H--
Message: [file "/etc/httpd/conf/modsecurity.d/rules/tortix/modsec/10_asl_rules.conf"] [line "96"] [id "392301"] [rev "7"] [msg "Atomicorp.com WAF Rules: Request Containing Content, but Missing Content-Type header"] [severity "NOTICE"] [tag "no_ar"] Warning. Match of "rx ^0$" against "REQUEST_HEADERS:Content-Length" required.
Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client %s] ModSecurity: %s%s [uri "%s"]%s
Apache-Handler: proxy:unix:///var/www/vhosts/system/cloud.xxx.de/php-fpm.sock|fcgi://127.0.0.1:9000
Stopwatch: 1581502714092208 368621 (- - -)
Stopwatch2: 1581502714092208 368621; combined=3786, p1=119, p2=3490, p3=106, p4=47, p5=24, sr=51, sw=0, l=0, gc=0
Producer: ModSecurity for Apache/2.9.1 (http://www.modsecurity.org/); 202002110730.
Server: Apache
Engine-Mode: "ENABLED"

--5a0a7532-Z--

The problem reappears with every new app update since 2.25.4, although Atomicorp adjusts its rules each time.

Reasoning or why should it be changed/implemented?

The iOS app is unusable and sometimes also destroys the whole Apache configuration because of the resulting WAF block.

iOS version

2.25.7

App version

Server configuration

Operating system:
CentOS Linux 7.7.1908

Web server:
Apache 2.4.6-90.el7.centos with nginx 1.16.1.3-2.centos.7+p18.0.24.0+t200123.1555

Database:
MariaDB 10.3.22

PHP version:
7.3.14

Nextcloud version: (see Nextcloud admin page)
18.0.1 (the problem has existed since version 18.0.0)
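The audit log above shows why the WAF fires: the REPORT request carries `Content-Length: 1148` but no `Content-Type` header, and the rule message says a match of `rx ^0$` against `REQUEST_HEADERS:Content-Length` would have been required to let it through. The following Python script is an added example, not code from the issue, from Nextcloud or from Atomicorp: it re-implements that condition as described by the log message over raw HTTP request heads, so an operator can check which client requests a WAF with this rule would flag before touching the rule set. The sample requests are constructed, modelled on the REPORT request in the audit log with credentials and body omitted; the function and constant names are this example's own.

```python
import re

# Added example (not code from the issue, Nextcloud or Atomicorp): an offline
# re-implementation of the condition behind Atomicorp rule id 392301 as
# described by its log message, "Request Containing Content, but Missing
# Content-Type header", applied to constructed sample requests.


def parse_request_head(raw: str):
    """Split a raw HTTP request head into (request line, headers dict).

    Header names are lower-cased because HTTP header names are
    case-insensitive (ModSecurity's REQUEST_HEADERS collection is too).
    Repeated headers are joined with ", " so none is silently dropped.
    """
    lines = raw.lstrip("\r\n").split("\n")
    request_line = lines[0].rstrip("\r")
    headers = {}
    for line in lines[1:]:
        line = line.rstrip("\r")
        if not line:            # blank line ends the head; the body follows
            break
        name, sep, value = line.partition(":")
        if not sep:             # not a header line, skip it
            continue
        key = name.strip().lower()
        value = value.strip()
        headers[key] = value if key not in headers else headers[key] + ", " + value
    return request_line, headers


def content_without_content_type(headers) -> bool:
    """Return True when the rule would fire.

    The log says a match of "rx ^0$" against Content-Length was required:
    a request whose Content-Length is present and not exactly "0"
    announces a body, and if it then has no Content-Type header the rule
    logs its warning.
    """
    length = headers.get("content-length")
    if length is None or re.fullmatch(r"0", length):
        return False            # no body announced: rule is satisfied
    return "content-type" not in headers


def would_flag(raw_request: str) -> bool:
    """Parse a raw request head and run the check on it."""
    _, headers = parse_request_head(raw_request)
    return content_without_content_type(headers)


# Constructed sample, modelled on the REPORT request in the audit log
# (credentials and XML body omitted; host is the redacted one from the log).
REPORT_FROM_IOS_APP = """REPORT /remote.php/dav/files/username HTTP/1.0
Host: cloud.xxx.de
Connection: close
Content-Length: 1148
accept: */*
ocs-apirequest: true
user-agent: Mozilla/5.0 (iOS) Nextcloud-iOS/2.25.7

"""

# The same request with the header the rule wants. The body in the audit log
# is XML and the server answers with application/xml, so that is the natural
# value for the client to declare.
REPORT_WITH_CONTENT_TYPE = REPORT_FROM_IOS_APP.replace(
    "Content-Length: 1148\n",
    "Content-Length: 1148\nContent-Type: application/xml; charset=utf-8\n",
)

# A body-less request and an explicit zero-length body do not trigger it.
PLAIN_GET = "GET /status.php HTTP/1.1\nHost: cloud.xxx.de\n\n"
EMPTY_POST = "POST /index.php HTTP/1.1\nHost: cloud.xxx.de\nContent-Length: 0\n\n"

if __name__ == "__main__":
    samples = [
        ("REPORT from iOS app", REPORT_FROM_IOS_APP),
        ("REPORT with Content-Type", REPORT_WITH_CONTENT_TYPE),
        ("plain GET", PLAIN_GET),
        ("POST with empty body", EMPTY_POST),
    ]
    for name, req in samples:
        print(f"{name:26s} -> {'FLAGGED' if would_flag(req) else 'ok'}")
```

Running it flags only the first sample, which matches the audit log: the fix on the client side is to send a `Content-Type` header with the XML body. On the server side, operators often disable the rule with `SecRuleRemoveById 392301` (the id from the log); note that an unscoped removal loosens the check for every request to the host, so it is better limited to the `/remote.php/dav/` path, and the rule's own log entries are the signal to watch to confirm that no other clients were being flagged.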

sesipod commented Feb 14, 2020 (comment minimized)

dkoeh (Author) commented Feb 15, 2020

Nope, it still exists; meanwhile you can only access cached files. Not always the same error, but apparently all connected:

#1159
https://help.nextcloud.com/t/iphone-error-401-remote-php-webdav-error/71031

marinofaggiana (Member) commented Feb 17, 2020 (comment minimized)
