Hello,
I have an issue with ModSecurity. Request body and file temporary file on /tmp isn't completely cleared, so I have to clean up very regularly /tmp to avoid it filling up all my disks. Would you know why it have this strange comportment?
On the apache log, I found only this as relevant:
ModSecurity: Warning. Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "27"] [id "210230"] [rev "2"] [msg "COMODO WAF: The request body could not be parsed. Possibility of an impedance mismatch attack. This is not a false positive.||xxxxxxxx.com|F|2"] [data "Multipart parsing error: Multipart: writing to \\x22/tmp/[email protected]
66X\\x22 failed"] [severity "CRITICAL"] [tag "CWAF"] [tag "Protocol"] [hostname "xxxxxxxx.com"] [uri "/wp-json/wp/v2/media"] [unique_id "[email protected]
sxrleqn8PvgAAAc0"], referer: https://xxxxxxxx.com/wp-admin/post-new.php
But I don't know how to interpret this.
Thanks in advance.
I have an issue with ModSecurity. Request body and file temporary file on /tmp isn't completely cleared, so I have to clean up very regularly /tmp to avoid it filling up all my disks. Would you know why it have this strange comportment?
On the apache log, I found only this as relevant:
ModSecurity: Warning. Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "27"] [id "210230"] [rev "2"] [msg "COMODO WAF: The request body could not be parsed. Possibility of an impedance mismatch attack. This is not a false positive.||xxxxxxxx.com|F|2"] [data "Multipart parsing error: Multipart: writing to \\x22/tmp/[email protected]
66X\\x22 failed"] [severity "CRITICAL"] [tag "CWAF"] [tag "Protocol"] [hostname "xxxxxxxx.com"] [uri "/wp-json/wp/v2/media"] [unique_id "[email protected]
sxrleqn8PvgAAAc0"], referer: https://xxxxxxxx.com/wp-admin/post-new.php
But I don't know how to interpret this.
Thanks in advance.