Description
Hello, I would like to ask for your help about one big problem that I think it's related to case #1767, but I am not completely sure.
First of all, you can review my modsecurity.conf, crs-setup.conf and debug log in the attached files (see the part related to domain SmileWear.eu and uploaded file is success-is-my-duty.jpg
debug.log.txt
).
modsecurity.conf.txt
crs-setup.conf.txt
Nginx version is 1.13 and I use the latest modsecurityv3 master branch and modsecurity-connector.
I use clamdscan to scan files and the error below and from the logs is generated when I upload files through Wordpress (which invoke the script that use clamdscan). It worked before but now it blocks everything including regular files, not only hacks:
2018/06/28 10:53:53 [warn] 21000#21000: *83 [client 78.83.112.81] ModSecurity: Warning. Matched "Operator Eq' with parameter 0' against variable REQBODY_ERROR' (Value: 1' ) [file "/usr/local/nginx/conf/owasp-modsecurity-crs/modsecurity.conf"] [line "12"] [id "200002"] [rev ""] [msg "Failed to parse request body."] [data ""] [severity "0"] [ver ""] [maturity "0"] [accuracy "0"] [hostname "78.83.112.81"] [uri "/wp-admin/async-upload.php"] [unique_id "153017243331.729360"] [ref "v1229,1"], client: 78.83.112.81, server: smilewear.home-touch.me, request: "POST /wp-admin/async-upload.php HTTP/2.0", host: "smilewear.eu", referrer: "https://smilewear.eu/wp-admin/post-new.php"
So as I read the previous post which I mentioned the case is the same, but the fix doesn't work for me. Can you please help me with this issue, is it a confirmed but and when it will be fixed? Provide som patch?