How can I overcome content length missing error(Rule id:920180) in nginx with modsecurity while uploading zip files to my ubuntu server?

February 28, 2018 431 views
API Firewall Nginx Ubuntu 16.04

I am using modsecurity with nginx(v1.13.6) on ubuntu 16.04. When I try to upload a zip files/single jpeg/mov files via an API to my web server, I get the following error in the modsecurity error log.

2018/02/28 05:14:04 [error] 1893#0: [client 103...*] ModSecurity: Warning. Operator EQ matched 0 at REQUESTHEADERS. [file "/usr/local/nginx/conf/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "309"] [id "920180"] [rev "1"] [msg "POST request missing Content Length Header."] [data "0"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASPCRS/PROTOCOLVIOLATION/INVALID_HREQ"] [tag "CAPEC-272"] [hostname ""] [uri "/api/upload"] [uniqueid "ac"]

Is there any way to write a rule that allows all the requests that has a particular field set in the request header so that it is not an anomaly to the OWASP rules and is not blocked at the server's firewall? Or what else can be done to overcome this error?

I added the following rule to the modsecurity.conf file but shows the following error respectively.
SecRule REQUESTFILENAME "/api/upload" "id:'400001',phase:1,allow,log,msg:'Upload detected',ctl:requestBodyAccess=off"
2018/02/28 05:47:17 [error] 4847#0: [client] ModSecurity: Access allowed (phase 1). Pattern match "/api/upload" at REQUEST
FILENAME. [file "/usr/local/nginx/conf/modsecurity.conf"] [line "20"] [id "400001"] [msg "Upload detected"] [hostname ""] [uri "/api/upload"] [unique_id "AcAcAc92AcAcAc9cAcjcA1Ac"]

Be the first one to answer this question.