How can I overcome content length missing error(Rule id:920180) in nginx with modsecurity while uploading zip files to my ubuntu server?

I am using modsecurity with nginx(v1.13.6) on ubuntu 16.04. When I try to upload a zip files/single jpeg/mov files via an API to my web server, I get the following error in the modsecurity error log.

2018/02/28 05:14:04 [error] 1893#0: [client 103…*] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_HEADERS. [file “/usr/local/nginx/conf/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf”] [line “309”] [id “920180”] [rev “1”] [msg “POST request missing Content Length Header.”] [data “0”] [severity “WARNING”] [ver “OWASP_CRS/3.0.0”] [maturity “9”] [accuracy “9”] [tag “application-multi”] [tag “language-multi”] [tag “platform-multi”] [tag “attack-protocol”] [tag “OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ”] [tag “CAPEC-272”] [hostname “”] [uri “/api/upload”] [unique_id “ac”]

Is there any way to write a rule that allows all the requests that has a particular field set in the request header so that it is not an anomaly to the OWASP rules and is not blocked at the server’s firewall? Or what else can be done to overcome this error?

I added the following rule to the modsecurity.conf file but shows the following error respectively. Rule: SecRule REQUEST_FILENAME “/api/upload” “id:‘400001’,phase:1,allow,log,msg:‘Upload detected’,ctl:requestBodyAccess=off” Error: 2018/02/28 05:47:17 [error] 4847#0: [client] ModSecurity: Access allowed (phase 1). Pattern match “/api/upload” at REQUEST_FILENAME. [file “/usr/local/nginx/conf/modsecurity.conf”] [line “20”] [id “400001”] [msg “Upload detected”] [hostname “”] [uri “/api/upload”] [unique_id “AcAcAc92AcAcAc9cAcjcA1Ac”]

Submit an answer

This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer