How can I overcome the content length missing error (Rule id: 920180) in nginx with modsecurity while uploading zip files to my Ubuntu server?

Posted February 28, 2018 2.5k views
Nginx, API, Firewall, Ubuntu 16.04

I am using modsecurity with nginx (v1.13.6) on Ubuntu 16.04. When I try to upload zip files/single jpeg/mov files via an API to my web server, I get the following error in the modsecurity error log.

2018/02/28 05:14:04 [error] 1893#0: [client 103…*] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_HEADERS. [file "/usr/local/nginx/conf/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "309"] [id "920180"] [rev "1"] [msg "POST request missing Content Length Header."] [data "0"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [tag "CAPEC-272"] [hostname ""] [uri "/api/upload"] [unique_id "ac"]

Is there any way to write a rule that allows all the requests that have a particular field set in the request header, so that it is not an anomaly to the OWASP rules and is not blocked at the server's firewall? Or what else can be done to overcome this error?

I added the following rule to the modsecurity.conf file, but it shows the following error:
SecRule REQUEST_FILENAME "/api/upload" "id:'400001',phase:1,allow,log,msg:'Upload detected',ctl:requestBodyAccess=off"
2018/02/28 05:47:17 [error] 4847#0: [client] ModSecurity: Access allowed (phase 1). Pattern match "/api/upload" at REQUEST_FILENAME. [file "/usr/local/nginx/conf/modsecurity.conf"] [line "20"] [id "400001"] [msg "Upload detected"] [hostname ""] [uri "/api/upload"] [unique_id "AcAcAc92AcAcAc9cAcjcA1Ac"]
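
One way to write the exclusion the question asks about, as an added example that is not part of the original post: it removes only rule 920180 for /api/upload and leaves the rest of the CRS active on that path, with the rule from the post kept as a comment for comparison. The rule id 400002 and the placement before the CRS includes are assumptions made for this example.

```conf
# Added example, not from the original post.
# Load this BEFORE the CRS rule files are included (for example in
# REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf), so the exclusion is
# already in effect when rule 920180 is evaluated.

# Rule from the post, for comparison. "allow" used on its own in phase 1
# skips the remaining rules in phases 1-4, and requestBodyAccess=off turns
# off request-body inspection, so /api/upload bypasses the rest of the CRS.
# SecRule REQUEST_FILENAME "/api/upload" "id:'400001',phase:1,allow,log,msg:'Upload detected',ctl:requestBodyAccess=off"

# Narrower alternative: on this one path, remove only rule 920180
# ("POST request missing Content Length Header.") for the current
# transaction. Every other rule, including body inspection, still runs.
# id 400002 is an arbitrary unused id chosen for this example.
SecRule REQUEST_FILENAME "@streq /api/upload" \
    "id:400002,\
    phase:1,\
    pass,\
    t:none,\
    nolog,\
    ctl:ruleRemoveById=920180"
```

The exclusion is keyed on the request path rather than on a client-supplied request header, because any client can set a header and thereby opt out of the check.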
