Comments (16)
fzipi
commented on June 7, 2024
There is a workaround for this: use MODSEC_TMP_DIR: "/tmp".
from modsecurity-docker.
harmenrenkema
commented on June 7, 2024
We ran into this issue when trying to upload a file through a modsecurity-crs nginx container. From the error log we got that modsecurity can't create a temporary file for processing the request body.
Turns out this is not because of permissions, but because the entire /tmp/modsecurity/{data,upload,tmp} directory structure doesn't exist in the container.
Same goes for the apache variant.
from modsecurity-docker.
bfamzz
commented on June 7, 2024
We ran into this issue when trying to upload a file through a modsecurity-crs nginx container. From the error log we got that modsecurity can't create a temporary file for processing the request body.
Turns out this is not because of permissions, but because the entire /tmp/modsecurity/{data,upload,tmp} directory structure doesn't exist in the container.
Same goes for the apache variant.
This issues still occurs. The directories are existent as shown below.
@fzipi Please is there any fix for this?
Thanks.
from modsecurity-docker.
fzipi
commented on June 7, 2024
Ugh, taking a look, thanks.
from modsecurity-docker.
fzipi
commented on June 7, 2024
@bfamzz Can you add which version are you using?
from modsecurity-docker.
bfamzz
commented on June 7, 2024
Thanks for your response @fzipi
The versions are as follows:
- Modsecurity: v3.0.5
- Modsecurity Connector: v1.0.2
- OWASP CRS: v3.3.2
This is shown in the screenshot below.
from modsecurity-docker.
fzipi
commented on June 7, 2024
Excellent. I was just talking about which container you were pulling, but I can infer that from this data ;)
from modsecurity-docker.
fzipi
commented on June 7, 2024
@bfamzz I can't reproduce the problem in nginx-modsec3. But there is a permissions problem with the apache default container (I'm verifying the alpine one).
Can you paste here which version of the container are you using? Is it the alpine version? Can you get me the image ID?
from modsecurity-docker.
bfamzz
commented on June 7, 2024
Hello @fzipi
Container version: owasp/modsecurity-crs:3.3.2-nginx
Image ID: da8b2b5b5f1f
Please see the screenshot below:
I will try and pull the image again. The most recent image is from 3 days ago. Mine is from 9 days ago.
I will update you shortly.
Thanks.
from modsecurity-docker.
bfamzz
commented on June 7, 2024
Hi @fzipi
This is the new image ID
However, the issue is still occuring.
Directory permission
Image used by the running container
from modsecurity-docker.
fzipi
commented on June 7, 2024
Thanks, I could reproduce it now. Fixing.
from modsecurity-docker.
fzipi
commented on June 7, 2024
Just to have all the context: docker-library/httpd#10. I think upstream is doing it wrong :/
from modsecurity-docker.
bfamzz
commented on June 7, 2024
Hi @fzipi
Just to confirm, is the issue fixed in the recent most recent image (6 hours ago)
Thanks.
from modsecurity-docker.
fzipi360
commented on June 7, 2024
Hey @bfamzz ! The issue should be fixed for the base container, yes. The crs container will be building in top of that one.
from modsecurity-docker.
bfamzz
commented on June 7, 2024
Alright. Thanks.
from modsecurity-docker.
fzipi
commented on June 7, 2024
Just to document it here, upstream merged my fix so this should not be a problem anymore.
from modsecurity-docker.
Related Issues (20)
- docker-entrypoint.d is unused HOT 10
- Can't start the container HOT 5
- Host header modified in reverse proxy mode HOT 1
- Remove status engine call
- Unable to start container with mounted /etc/nginx/nginx.conf HOT 3
- Add support to PCRE2 in v3 HOT 1
- Reverse proxy for multiple domains possible? HOT 1
- Docker image for nginx rests on 1.20.2 HOT 3
- AccessLog and TransferLog are both enabled, preventing disabling access logs properly HOT 1
- Add support for different log formats
- Add log format definition for perflogjson HOT 5
- [modsecurity-crs-nginx] ERROLOG does not reflect REAL_IP_HEADER HOT 2
- Used nginx version is end of life HOT 2
- Add HEALTHCHECK for all images
- Remove building ssdeep and yajl libs
- Manual workflow for testing all architectures HOT 1
- SSL certificated are not loaded in Nginx image HOT 4
- nginx template has a wrong config in proxy_backend.conf.template HOT 7
- Docker image uses the root user HOT 2
- ⚠️ This repository is going to be merged into the modsecurity-crs-docker repo HOT 5
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from modsecurity-docker.