[#36983] - [4.x] apache mod_security error 400 com_media - POST requests without a body
- New
- Medium
- Build: 4.1-dev
- # 36983
Steps to reproduce the issue
have apache mod_security 2.9.5 installed
on J4.x /administrator/index.php?option=com_media&path=local-images
Expected result
to see media listing
Actual result
ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "71"] [id "200002"] [msg "Failed to parse request body."] [data "JSON parser error: parse error: premature EOF\x0a"] [severity "CRITICAL"] [hostname "xxxxxxxx"] [uri "/administrator/index.php"] [unique_id "YgPV97WMmN7SW1mSXvPM0QAAVgU"], referer: https://xxxxxxx/administrator/index.php?option=com_media&path=local-images
System information (as much as possible)
PHP 7.4.27
j4.0.6
mod_security 2.9.5
Additional comments
joomla-cms-bot
- | Labels |
Added:
No Code Attached Yet
|
||
Hi Prakhar,
so far I use a workaround in modsecurity.conf, something like:
SecRule REQUEST_URI /administrator "phase:1,id:400009,nolog,chain"
SecRule REQUEST_BODY_LENGTH "@eq 0" "ctl:requestBodyAccess=off"
but i'would like an opinion from joomla devs.
best regards
Dave
| Title |
|
||||||
Hackwar
- | Labels |
Added:
bug
|
||
Are you working on it