Description
Hello,
I successfully installed mod security on IIS 8.5.
I can see log files, events in Event Viewer, etc.
However, there's a problem. When trying to use any form on our website (PHP), the web server never replies. I get "Loading..." in the browser and after a while Internal Server Error.
I don't think it triggers any mod security rule, because I don't see anything in the logs; plus, for testing, I have removed ALL rules.
As soon as I disable this:
```
# -- Request body handling ---------------------------------------------------
# Allow ModSecurity to access request bodies. If you don't, ModSecurity
# won't be able to see any POST parameters, which opens a large security
# hole for attackers to exploit.
#
SecRequestBodyAccess On
```
All the forms start working again.
I enabled FailedRequestTracing on IIS, and I can see that the FastCGI app gives an error, but I don't know what to do with it (see attached screenshot).
I have also enabled FULL debugging on mod_Security, and this is the info related to a very simple PHP forum which does not work:
```
[07/Jan/2017:20:56:09 +0200] [DMB-NODE2/sid#1a956f8][rid#23ce400][/test/file.php][4] Initialising transaction (txid 18158513712590225504).
[07/Jan/2017:20:56:09 +0200] [DMB-NODE2/sid#1a956f8][rid#23ce400][/test/file.php][4] Transaction context created (dcfg 1aa37d8).
[07/Jan/2017:20:56:09 +0200] [DMB-NODE2/sid#1a956f8][rid#23ce400][/test/file.php][4] First phase starting (dcfg 1aa37d8).
[07/Jan/2017:20:56:09 +0200] [DMB-NODE2/sid#1a956f8][rid#23ce400][/test/file.php][4] Starting phase REQUEST_HEADERS.
[07/Jan/2017:20:56:09 +0200] [DMB-NODE2/sid#1a956f8][rid#23ce400][/test/file.php][4] Second phase starting (dcfg 1aa37d8).
[07/Jan/2017:20:56:09 +0200] [DMB-NODE2/sid#1a956f8][rid#23ce400][/test/file.php][4] Input filter: Reading request body.
[07/Jan/2017:20:56:09 +0200] [DMB-NODE2/sid#1a956f8][rid#23ce400][/test/file.php][9] Input filter: Bucket type POOL contains 25 bytes.
[07/Jan/2017:20:56:09 +0200] [DMB-NODE2/sid#1a956f8][rid#23ce400][/test/file.php][9] Input filter: Bucket type POOL contains 0 bytes.
[07/Jan/2017:20:56:09 +0200] [DMB-NODE2/sid#1a956f8][rid#23ce400][/test/file.php][9] Input filter: Bucket type EOS contains 0 bytes.
[07/Jan/2017:20:56:09 +0200] [DMB-NODE2/sid#1a956f8][rid#23ce400][/test/file.php][5] Adding request argument (BODY): name "user_name_field", value "fsddddfsd"
[07/Jan/2017:20:56:09 +0200] [DMB-NODE2/sid#1a956f8][rid#23ce400][/test/file.php][4] Input filter: Completed receiving request body (length 25).
[07/Jan/2017:20:56:09 +0200] [DMB-NODE2/sid#1a956f8][rid#23ce400][/test/file.php][4] Starting phase REQUEST_BODY.
[07/Jan/2017:20:56:09 +0200] [DMB-NODE2/sid#1a956f8][rid#23ce400][/test/file.php][4] Hook insert_filter: Adding input forwarding filter (r 23ce400).
[07/Jan/2017:20:56:09 +0200] [DMB-NODE2/sid#1a956f8][rid#23ce400][/test/file.php][4] Hook insert_filter: Adding output filter (r 23ce400).
```
Any ideas?
Thanks
Alex
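
Added example, not part of the original post and not ModSecurity code: a small triage script for debug logs in the format above. It groups lines by `rid` and flags requests whose body was fully buffered but whose log never reaches a later phase, which is the pattern in the excerpt. The sample lines, the `HOST`/`aa01`/`bb02` identifiers and the function names are constructed; the phase names in `LATE_PHASES` are ModSecurity's standard ones and do not appear in the post.

```python
import re

# Line layout as in the post: [time] [host/sid#..][rid#..][uri][level] message
LINE_RE = re.compile(r'^\[[^\]]+\] \[[^\]]*?/sid#[0-9a-f]+\]\[rid#(?P<rid>[0-9a-f]+)\]'
                     r'\[(?P<uri>[^\]]*)\]\[(?P<level>\d)\] (?P<msg>.*)$')
PHASE_RE = re.compile(r'^Starting phase ([A-Z_]+)\.')
BODY_RE = re.compile(r'^Input filter: Completed receiving request body \(length (\d+)\)\.')
# Phases that run after the request has been handed to the handler
# (standard ModSecurity names; none of them appears in the post's excerpt).
LATE_PHASES = {'RESPONSE_HEADERS', 'RESPONSE_BODY', 'LOGGING'}

def summarize(lines):
    """Group debug-log lines by request id and record how far each request got."""
    txs = {}
    for raw in lines:
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # blank or non-debug-log line
        tx = txs.setdefault(m['rid'], {'uri': m['uri'], 'phases': [], 'body_len': None, 'last': ''})
        tx['last'] = m['msg']
        if (p := PHASE_RE.match(m['msg'])):
            tx['phases'].append(p.group(1))
        elif (b := BODY_RE.match(m['msg'])):
            tx['body_len'] = int(b.group(1))
    return txs

def stalled(txs):
    """Request ids whose body was buffered but that never log a later phase."""
    return [rid for rid, tx in txs.items()
            if tx['body_len'] is not None and not LATE_PHASES & set(tx['phases'])]

# Constructed sample in the post's format: rid#aa01 stops like the reported POST,
# rid#bb02 is a hypothetical request that runs through to the LOGGING phase.
P = '[07/Jan/2017:20:56:09 +0200] [HOST/sid#1][rid#%s][/test/file.php][4] '
SAMPLE = [
    P % 'aa01' + 'Starting phase REQUEST_HEADERS.',
    P % 'aa01' + 'Input filter: Completed receiving request body (length 25).',
    P % 'aa01' + 'Starting phase REQUEST_BODY.',
    P % 'aa01' + 'Hook insert_filter: Adding output filter (r aa01).',
    P % 'bb02' + 'Starting phase REQUEST_HEADERS.',
    P % 'bb02' + 'Input filter: Completed receiving request body (length 25).',
    P % 'bb02' + 'Starting phase REQUEST_BODY.',
    P % 'bb02' + 'Starting phase RESPONSE_HEADERS.',
    P % 'bb02' + 'Starting phase LOGGING.',
]

if __name__ == '__main__':
    txs = summarize(SAMPLE)
    for rid in stalled(txs):
        print(rid, txs[rid]['uri'], 'last message:', txs[rid]['last'])
```

A flagged request only means the log excerpt ends before a later phase; a truncated log or a request still in flight looks the same, so compare against the IIS failed-request trace for the same URL and time.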