• Resolved Diabolo

    (@cebuss)


    Hi folks, version 3.4.0 is tripping modsec – plugin is totally unusable.

    Previous versions work (rolled back to 3.3 in the meantime).

Viewing 7 replies - 1 through 7 (of 7 total)
  • Thread Starter Diabolo

    (@cebuss)

    Extract from the error log:

    [Tue Jun 13 21:32:51.683770 2023] [:error] [pid 497951:tid 3756737468160] [client –REDACTED–:34898] [client –REDACTED–] ModSecurity: Warning. Match of "rx ^[\\w/.+-]+(?:\\s?;\\s?(?:action|boundary|charset|type|start(?:-info)?)\\s?=\\s?['\"\\w.()+,/:=?<>@-]+)*$" against "REQUEST_HEADERS:Content-Type" required. [file "/etc/modsecurity/mod_sec3_CRS/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "933"] [id "920470"] [msg "Illegal Content-Type header"] [data "application/x-www-form-urlencoded charset=utf-8"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.4"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153"] [tag "PCI/12.1"] [hostname "–REDACTED–"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZIlC8zTwsAhy1GfELSrfHQAAAAE"], referer: https://–REDACTED–/wp-admin/admin.php?page=snippets
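
Why rule 920470 rejected the logged header, as an added example that is not part of the thread or of the plugin's code: it runs the pattern from the log entry above over the logged Content-Type value and a few constructed ones. The function names, the sample list and the use of Python's `re` in place of ModSecurity's regex engine are assumptions made for the illustration.

```python
import re

# Pattern copied from the 920470 log entry, with the log's doubled
# backslashes collapsed (assumed to be log escaping) and quotes straightened.
CRS_920470 = re.compile(
    r"""^[\w/.+-]+(?:\s?;\s?(?:action|boundary|charset|type|start(?:-info)?)"""
    r"""\s?=\s?['"\w.()+,/:=?<>@-]+)*$""",
    re.ASCII,  # keep \w to ASCII word characters
)


def is_allowed(content_type: str) -> bool:
    """True when the header value matches the rule's allowed shape."""
    return CRS_920470.match(content_type) is not None


def diagnose(content_type: str) -> str:
    """Explain a rejection: separator problem or some other mismatch."""
    if is_allowed(content_type):
        return "ok"
    media_type, _, rest = content_type.partition(" ")
    # A parameter attached with whitespace only: would it pass with ';'?
    if rest and ";" not in content_type:
        if is_allowed(f"{media_type}; {rest.strip()}"):
            return "missing ';' before parameter"
    return "no match"


# First value is the [data ...] field from the log; the rest are constructed.
SAMPLES = [
    "application/x-www-form-urlencoded charset=utf-8",
    "application/x-www-form-urlencoded; charset=utf-8",
    "application/x-www-form-urlencoded",
    "multipart/form-data; boundary=----WebKitFormBoundaryabc123",
    "text/plain; foo=bar",
]


def triage(values=SAMPLES) -> dict:
    """Map each header value to its diagnosis."""
    return {value: diagnose(value) for value in values}


if __name__ == "__main__":
    for value, verdict in triage().items():
        print(f"{verdict:30} {value}")
```

The only difference between the rejected value and the accepted one is the `;` between the media type and `charset`, which is what the rule's pattern requires before any parameter.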

    Plugin Author Shea Bunge

    (@bungeshea)

    We’re working on a potential fix for this by escaping special characters in the request.

    Thread Starter Diabolo

    (@cebuss)

    Cool, thanks for the update. Bit of a pain in the proverbial but not a major issue. Would prefer not to, but if push came to shove I could just whitelist the rule that’s being triggered. In the meantime, happy enough with 3.3.

    Looking forward to the next release.

    @bungeshea Thanks for looking into this. Can you give any approximate ETA? Like a week, or more like a month? Thanks.

    Plugin Author Shea Bunge

    (@bungeshea)

    @brandonjp definitely going to have it out this week. We’re just trying to make sure we catch as many issues as possible with this patch.

    Plugin Author Shea Bunge

    (@bungeshea)

    @brandonjp @cebuss this should be fixed in the v2.4.1 patch. Please let us know if you’re still receiving similar issues after updating.

    Thread Starter Diabolo

    (@cebuss)

    @bungeshea Yes, working fine with modsec now thanks. Luckily I don’t export snippets that often lol

    Sorry, couldn’t resist. Must be a real pain in the proverbial at times, fix one thing only to have another bug creep in. I am sure I speak for a lot of people when I say your time and work is very much appreciated.

  • The topic ‘Bug report – Tripping modsec’ is closed to new replies.