Gzip encoded data #54

Closed
nullmem opened this issue Jun 23, 2017 · 4 comments

@nullmem

nullmem commented Jun 23, 2017

Ok so I was getting:

---deISzRSW---B--
GET /wp-content/uploads/2012/03/satan%E2%80%99s-malicious-agenda-300x200.jpg HTTP/1.1
Content-Length: 0
X-Forwarded-For: 51.255.81.66
CF-IPCountry: FR
Host: www.danielsblog.org
CF-Origin-IP: 174.138.119.56
Accept-Encoding: gzip
X-Forwarded-Proto: https
CF-Origin-Https: on
User-Agent: Toweya.com bot; report abuse to [email protected]
Connection: Keep-Alive
CF-RAY: 3734527bd93168f6-CDG
Accept: */*
CF-Visitor: {"scheme":"https"}

(binary data here)

After reading through docs I find the directive I need:

SecDisableBackendCompression On

...but it doesn't work. Nginx won't start with it in my modsecurity.conf file:

2017/06/23 03:52:08 [emerg] 5146#5146: "modsecurity_rules_file" directive Rules error. File: /etc/nginx/snippets/modsecurity.conf. Line: 9. Column: 32. Invalid input: SecDisableBackendCompression On in /etc/nginx/conf.d/allcapa.org.conf:21

@nullmem
Author

nullmem commented Jun 23, 2017

I disabled mod_deflate on my backend server and am still getting binary data and a header of

GET /wp-content/uploads/2012/03/satan%E2%80%99s-malicious-agenda-300x200.jpg HTTP/1.1
Content-Length: 0
X-Forwarded-For: 193.70.45.213
CF-IPCountry: FR
Host: www.danielsblog.org
CF-Origin-IP: 174.138.119.56
Accept-Encoding: gzip
X-Forwarded-Proto: https
CF-Origin-Https: on
User-Agent: Toweya.com bot; report abuse to [email protected]
Connection: Keep-Alive
CF-RAY: 3734a9cf5d7869be-CDG
Accept: */*
CF-Visitor: {"scheme":"https"}
CF-WAN-ID: rg-72eb7a9df15c775786489ce7b862c78f.port2408.net:2408
CF-Connecting-IP: 193.70.45.213

Just can't figure out 1. where it's getting zipped, and 2. why I can't turn it off with the directive.

@victorhora
Contributor

Hi @nullmem,

I'm guessing you are using the nginx-connector with libModSecurity (aka v3), right?

If that's so, I'm afraid SecDisableBackendCompression is currently a missing feature for libModSecurity. I'll create an issue on ModSecurity's GitHub for proper tracking of this missing feature.

@nullmem
Author

nullmem commented Jun 23, 2017

Yes, and thank you. As a temporary workaround, I was able to disable gzip on both Nginx and my backend server. This isn't really a big deal because this server is behind CloudFlare and they gzip everything anyway.

@victorhora
Contributor

Thanks for the feedback @nullmem, good to know you have a workaround :)

I've updated the reference manual to reflect the current missing feature and created an issue on ModSecurity's GitHub for proper tracking: owasp-modsecurity/ModSecurity#1470

So I will close this one here.

Thanks!
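An added example, not part of the thread and not the ModSecurity project's code: a small Python check that splits one audit-log entry on the `---<id>---<letter>--` boundaries shown in the first post and reports whether the logged response body is gzip, which helps answer "where is it getting zipped" before and after the workaround. It assumes the binary data is the response body in section E, with request headers in B and response headers in F; the sample entry, host name and function names are constructed for illustration.

```python
import gzip
import re
import zlib

# Section boundary as it appears in the post: ---<id>---<letter>--
BOUNDARY = re.compile(rb"^---(\w+)---([A-Z])--\r?\n", re.M)
GZIP_MAGIC = b"\x1f\x8b"

def split_sections(entry: bytes) -> dict:
    """Map section letter -> raw bytes for one audit-log entry."""
    marks = list(BOUNDARY.finditer(entry))
    out = {}
    for cur, nxt in zip(marks, marks[1:] + [None]):
        end = nxt.start() if nxt else len(entry)
        out[cur.group(2).decode()] = entry[cur.end():end]
    return out

def header(block: bytes, name: str):
    """Return the value of one header in a B or F section, or None."""
    for line in block.splitlines():
        key, sep, value = line.partition(b":")
        if sep and key.strip().lower() == name.lower().encode():
            return value.strip().decode("latin-1")
    return None

def diagnose(entry: bytes) -> dict:
    """Report whether the logged body is gzip and which headers asked for it."""
    s = split_sections(entry)
    body = s.get("E", b"")
    is_gzip = body.startswith(GZIP_MAGIC)
    if is_gzip:
        # wbits=31 selects the gzip container; a decompressobj tolerates
        # trailing bytes after the stream (e.g. a newline) and truncation.
        body = zlib.decompressobj(wbits=31).decompress(body)
    return {"request_accept_encoding": header(s.get("B", b""), "Accept-Encoding"),
            "response_content_encoding": header(s.get("F", b""), "Content-Encoding"),
            "body_is_gzip": is_gzip,
            "body_preview": body[:60]}

def sample_entry() -> bytes:
    """Constructed sample entry (not a real log) with a gzip body in section E."""
    page = gzip.compress(b"<html><body>hello from the backend</body></html>", mtime=0)
    return (b"---AbCdEfGh---B--\nGET /index.html HTTP/1.1\nHost: www.example.test\n"
            b"Accept-Encoding: gzip\n\n---AbCdEfGh---E--\n" + page + b"\n\n"
            b"---AbCdEfGh---F--\nHTTP/1.1 200\nContent-Encoding: gzip\n\n"
            b"---AbCdEfGh---Z--\n\n")

if __name__ == "__main__":
    for key, value in diagnose(sample_entry()).items():
        print(f"{key}: {value}")
```

If `body_is_gzip` is still true after gzip is turned off on Nginx and the backend, some hop between them is still compressing the response.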
