
Nginx 1.6 / Modsec 2.8 -> Upload scanning returns "no upstream configuration" error #751


Closed
elialum opened this issue Jul 7, 2014 · 1 comment

Comments


elialum commented Jul 7, 2014

Hi,

  • Clean Centos 6.5 install
  • Nginx 1.6.0 (built from source)
  • Modsec 2.8.0
  • Comodo free rules

I am trying to force virus scanning when uploading files (call a maldetect script whenever a file is uploaded).

It seems like I can never trigger the uploader, as the whole process is killed before it even gets there.

While this triggers modsec rules on any location (php etc.):

Code:

location / {
    ModSecurityEnabled on;
    ModSecurityConfig modsecurity.conf;
}

It doesn't trigger the upload scanner.
If I include modsec in the php-fpm section:

Code:

# The dots in the location regex and in fastcgi_split_path_info must be escaped;
# the unescaped form also matches e.g. "/index_php" and is a typo as posted.
location ~ \.php$ {
    root /home/user/public_html;
    try_files $uri =404;
    fastcgi_split_path_info ^(.+\.php)(/.+)$;
    fastcgi_pass unix:/tmp/php5-fpm-user.sock;
    fastcgi_index index.php;
    fastcgi_cache_bypass $no_cache;
    fastcgi_no_cache $no_cache;
    fastcgi_cache WORDPRESS;
    fastcgi_cache_valid 60m;
    fastcgi_param SCRIPT_FILENAME /home/user/public_html$fastcgi_script_name;
    include fastcgi_params;

    ### ENABLE MOD SECURITY ###
    ModSecurityEnabled on;
    ModSecurityConfig modsecurity.conf;
}

It will trigger the rules for GET requests, but every POST request will fail with a "no upstream configuration" error.

So the first include doesn't trigger an error on POST requests (note: regardless of the upload, I've not tested the rules on POST requests yet).

The second include returns the "no upstream configuration" error.

This is the modsec main rule conf file:

Code:

SecRuleEngine On
SecRequestBodyAccess On
# Runs the script once per uploaded file; the temp file path is passed as the first argument.
SecRule FILES_TMPNAMES "@inspectFile /usr/local/maldetect/modsec.sh" "log,auditlog,deny,severity:2,phase:2,t:none,msg:'Malicious File Attachment Identified.',id:'1010101'"
SecResponseBodyAccess Off
SecStatusEngine On
SecResponseBodyMimeType (null) text/html text/plain text/xml
SecResponseBodyLimit 2621440
SecUploadDir /var/asl/data/suspicious
SecUploadKeepFiles Off
SecAuditEngine RelevantOnly
SecAuditLogRelevantStatus "^(?:5|4(?!04))"
SecAuditLogType Concurrent
SecAuditLog /var/asl/data/audit/logs/audit_log
SecAuditLogParts ABIFHZ
SecArgumentSeparator "&"
SecCookieFormat 0
SecRequestBodyInMemoryLimit 131072
SecDataDir /var/asl/data/msa
SecTmpDir /tmp
SecAuditLogStorageDir /var/asl/data/audit
SecResponseBodyLimitAction ProcessPartial
SecAuditLogDirMode 0770
SecPcreMatchLimit 250000
SecPcreMatchLimitRecursion 250000

Include rules/cwaf_01.conf
Include rules/cwaf_02.conf

# Eli - errors on nginx, do not enable
# (comments are only recognised at the start of a line in this config format,
#  so the note is kept on its own line and the include is disabled as the note says)
#Include rules/cwaf_03.conf

Include rules/cwaf_04.conf

# Eli - errors on nginx, do not enable
#Include rules/cwaf_05.conf

Include rules/whitelist/user/ip_whitelist.conf
Include rules/whitelist/user/rules_whitelist.conf

Has anyone tried this scenario before and managed to get it to work?

Thanks in advance,
Eli.
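The rule above hands every uploaded file (each FILES_TMPNAMES entry, written under SecUploadDir because SecRequestBodyAccess is On) to the script named in @inspectFile. What that script must do is easy to get wrong, so here is an added example of a wrapper that satisfies the @inspectFile contract. It is not the script from the issue and not maldetect's own modsec.sh; the SCANNER command it delegates to is an assumption (any scanner that takes the file path as its last argument and exits 0 for clean and 1 for infected will do), and the scan results used below are constructed for the test, not real detections.

```shell
#!/bin/sh
# Added example (not from the issue, not maldetect's modsec.sh): an
# @inspectFile-compatible wrapper.
#
# ModSecurity runs the script once per uploaded file with the temporary
# file path as $1 and reads ONE line from stdout. If the first character
# is "1" the file is clean and the rule does not match; anything else
# ("0 <reason>") makes the rule match, and the rest of the line becomes
# the log message. Nothing else may be written to stdout.
#
# SCANNER is an assumption: a command that takes the file path as its last
# argument and exits 0 for clean, 1 for infected, anything else on error
# (clamscan behaves this way; substitute your maldet invocation).
SCANNER="${SCANNER:-clamscan --no-summary --quiet}"

inspect_file() {
    f="$1"

    # Fail closed: an unreadable or missing path is reported as a match,
    # so the deny rule fires instead of silently letting the upload through.
    if [ ! -r "$f" ]; then
        echo "0 inspect: cannot read $f"
        return 0
    fi

    # Capture scanner output and exit status without tripping `set -e`;
    # stderr is folded into $out so it never reaches ModSecurity's stdout.
    out=$($SCANNER "$f" 2>&1) && rc=0 || rc=$?

    case "$rc" in
        0) echo "1 clean: $f" ;;
        1) echo "0 malware detected in $f: $(printf '%s\n' "$out" | head -n 1)" ;;
        *) echo "0 scanner error (exit $rc) on $f" ;;
    esac
}

# Run only when invoked with a path (by ModSecurity or by hand).
if [ $# -gt 0 ]; then
    inspect_file "$1"
fi
```

Install it as the path used in the SecRule, make it executable by the nginx worker user, and try it by hand first (`./modsec.sh /path/to/file` should print exactly one line starting with `1` or `0`); a scanner that prints banners to stdout or exits non-zero on a clean file will otherwise deny every upload.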

@zimmerle (Contributor)

Hi @elialum, marking this issue as a duplicate of #664.
