Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
General Discussion
»
OPNWAF / Web Application Business with Nextcloud - enabled we cannot upload
« previous
next »
Print
Pages: [
1
]
Author
Topic: OPNWAF / Web Application Business with Nextcloud - enabled we cannot upload (Read 369 times)
Wuensch-AG-Adm
Newbie
Posts: 12
Karma: 0
OPNWAF / Web Application Business with Nextcloud - enabled we cannot upload
«
on:
September 11, 2024, 04:29:30 pm »
Dear OPNsense community,
We bought the 3-year package to have business capabilities on our firewall in our company. But as soon as we started configuring OPNWAF (Web Application) Business, it didn't work as expected. We can't upload any documents or photos, regardless of file size (error 413). Some nextcloud applications generate errors (such as “photos”, or we lose the ability to change profile status). On the firewall, in the Web Protection tab, I've configured Nextcloud-specific rule exclusions, but that doesn't seem to do anything...
We have found that there's is a limitation in the modsecurity on the OPNWAF. The info is in the Web Error Log.
ModSecurity: Request body no files data length is larger than the configured limit (131072).. Deny with code (413) [hostname "xxxxxxxxx"] [uri "/remote.php/dav/files/
The problem with this plugin is that we couldn't find any documentation of the plugin paths on the hard disk. We have no idea how to set up this plugin, and there's no way of changing anything in the user interface. That's sad for a Business tool.
If someone with experience on this plugin can explain to me where I can change the configured limit, I'd be very happy not loose my time with this kind of stuffs.
Thank you ahead.
Regards,
Joel. T
Logged
Monviech
Global Moderator
Hero Member
Posts: 1518
Karma: 172
Re: OPNWAF / Web Application Business with Nextcloud - enabled we cannot upload
«
Reply #1 on:
September 11, 2024, 04:51:07 pm »
Hello, it looks like the error you have is this one:
https://github.com/owasp-modsecurity/ModSecurity/issues/2873
It looks like the following settings have to be included into the virtual host configuration:
SecRequestBodyLimit 1073741824
SecRequestBodyNoFilesLimit 1073741824
1GB per chunk seems like the hard limit. So, these parameters could be added with a checkbox.
If you open a feature request
https://github.com/opnsense/plugins/issues
I will evaluate it and add it to OPNWAF. I am currently working on including new features into it.
e.g. compare to this feature request:
https://github.com/opnsense/plugins/issues/4030
The next version will have some more features coming that makes more selective configurations, especially with the WAF, a lot easier.
Logged
Hardware:
DEC740
Wuensch-AG-Adm
Newbie
Posts: 12
Karma: 0
Re: OPNWAF / Web Application Business with Nextcloud - enabled we cannot upload
«
Reply #2 on:
September 11, 2024, 06:31:59 pm »
Hello,
thank you for your fast answer.
Is there some possibility to apply the new parameters and that the modsecurity keep them? (I mean in the console mod / shell)
I've found the parameters in this file:
/usr/local/etc/apache24/modsecurity.conf
But if I change something, the next restart of the plugin / service, it resets the parameter to the original values ( 13107200 and 131072). I can't change anything. The "App Specific Rule Exclussions" nextcloud in Firewall -> Web Application-> Settings -> Web protection ist doing nothing. There's no effect on the nextcloud.
I've find the rules Set files for Nextcloud too, but nothing works.
I've deactivated the Web protection, because with, nobody can really use Nextcloud. From now I'm using only the gateway webserver. I was thinking that a business solution like this waf plugin would work.
I've forgot to write that we are using the version OPNsense 24.4.2-amd64 with the os-OPNWAF 1.5
Can I add the parameters in the gateway_vhosts.conf?
Thx ahead.
Regards,
Joel Timm.
Logged
Wuensch-AG-Adm
Newbie
Posts: 12
Karma: 0
Re: OPNWAF / Web Application Business with Nextcloud - enabled we cannot upload
«
Reply #3 on:
September 11, 2024, 06:36:19 pm »
Every time I restart the plugin / service, I loose all the changes in the conf files. Is there a special way to do this with OPNsense? Because I need to fix this asap.
Logged
franco
Administrator
Hero Member
Posts: 17607
Karma: 1603
Re: OPNWAF / Web Application Business with Nextcloud - enabled we cannot upload
«
Reply #4 on:
September 11, 2024, 06:59:30 pm »
Well, you would adjust the template, not the rendered config. It's still volatile but sticks until the next update.
Cheers,
Franco
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
General Discussion
»
OPNWAF / Web Application Business with Nextcloud - enabled we cannot upload