
XG blocks OWA, ActiveSync etc. with attachments larger than 1 MB

This is caused by the reverse proxy's low request body limit, which defaults to 1 MB. You can see
this in the log as follows:

SG230_WP02_SFOS 18.0.5 MR-5-Build586# tail -n 5000 -f /log/reverseproxy.log | grep security2:error
[Wed Jul 28 09:50:48.068673 2021] [security2:error] [pid 16365:tid
139976113112832] [client 2.4.103.140:55730] [client 2.4.103.140]
ModSecurity: Rule 2d915d0 [id "-"][file
"/usr/apache/conf/waf/rules/RESPONSE-951-DATA-LEAKAGES-SQL.conf"][line
"240"] - Execution error - PCRE limits exceeded (-8): (null). [hostname
"mail.eugen-koenig.de"] [uri "/owa/"] [unique_id "YQEMV38AAAEAAD-
tcysAAADQ"], referer: https://owa.eugen-koenig.de/owa/auth/logon.aspx?
url=https%3a%2f%2fowa.eugen-koenig.de%2fowa%2f&reason=0
[Wed Jul 28 09:50:48.076268 2021] [security2:error] [pid 16365:tid
139976113112832] [client 2.4.103.140:55730] [client 2.4.103.140]
ModSecurity: Rule 2dc7d48 [id "-"][file
"/usr/apache/conf/waf/rules/RESPONSE-951-DATA-LEAKAGES-SQL.conf"][line
"342"] - Execution error - PCRE limits exceeded (-8): (null). [hostname
"mail.eugen-koenig.de"] [uri "/owa/"] [unique_id "YQEMV38AAAEAAD-
tcysAAADQ"], referer: https://owa.eugen-koenig.de/owa/auth/logon.aspx?
url=https%3a%2f%2fowa.eugen-koenig.de%2fowa%2f&reason=0
[Wed Jul 28 10:16:05.752143 2021] [security2:error] [pid 16746:tid
139799809701632] [client 91.21.145.132:53894] [client 91.21.145.132]
ModSecurity: Request body no files data length is larger than the configured
limit (1048576).. Deny with code (413) [hostname "mail.eugen-koenig.de"]
[uri "/Microsoft-Server-ActiveSync"] [unique_id "YQESRX8AAAEAAEFqMaIAAAAO"]
[Wed Jul 28 11:14:12.025134 2021] [security2:error] [pid 17498:tid
139799742560000] [client 77.20.105.78:49355] [client 77.20.105.78]
ModSecurity: Request body no files data length is larger than the configured
limit (1048576).. Deny with code (413) [hostname "mail.eugen-koenig.de"]
[uri "/Microsoft-Server-ActiveSync"] [unique_id "YQEf438AAAEAAERaWnIAAAB6"]
[Wed Jul 28 11:14:39.305189 2021] [security2:error] [pid 16746:tid
139799834879744] [client 77.20.105.78:49359] [client 77.20.105.78]
ModSecurity: Request body no files data length is larger than the configured
limit (1048576).. Deny with code (413) [hostname "mail.eugen-koenig.de"]
[uri "/Microsoft-Server-ActiveSync"] [unique_id "YQEf-38AAAEAAEFqOEYAAAAL"]

The following command lists the WAF policies together with the request body limit configured for
each:

SG230_WP02_SFOS 18.0.5 MR-5-Build586# psql -U nobody -d corporate -c "select name,id,sec_request_body_no_files_limit from tblwafsecurityprofile;"
            name            | id | sec_request_body_no_files_limit
----------------------------+----+---------------------------------
 Exchange AutoDiscover      |  1 |                         1048576
 Microsoft Lync             |  4 |                         1048576
 Microsoft RD Web 2008      |  5 |                         1048576
 Microsoft RDG 2008         |  6 |                         1048576
 Exchange Outlook Anywhere  |  3 |                         1048576
 Exchange General           |  2 |                         1048576
 Echange Koenig Webservices |  7 |                         1048576
(7 rows)

Note the IDs of the policies you want to change and set an upload limit. In the following
command it is 50 MB (= 52428800), in this case for ID 7:

# psql -U nobody -d corporate -c "update tblwafsecurityprofile set sec_request_body_no_files_limit=52428800 where id=7;"
UPDATE 1

Verify the setting you just made:

SG230_WP02_SFOS 18.0.5 MR-5-Build586# psql -U nobody -d corporate -c "select name,id,sec_request_body_no_files_limit from tblwafsecurityprofile;"
            name            | id | sec_request_body_no_files_limit
----------------------------+----+---------------------------------
 Exchange AutoDiscover      |  1 |                         1048576
 Microsoft Lync             |  4 |                         1048576
 Microsoft RD Web 2008      |  5 |                         1048576
 Microsoft RDG 2008         |  6 |                         1048576
 Exchange Outlook Anywhere  |  3 |                         1048576
 Exchange General           |  2 |                         1048576
 Echange Koenig Webservices |  7 |                        52428800
(7 rows)

Afterwards, reverseproxy.conf has to be regenerated on the XG. This also activates the new setting
immediately:

SG230_WP02_SFOS 18.0.5 MR-5-Build586# opcode waf_reconfig -t json -b '{"Entity": "waf_advanced_config", "Event": "UPDATE"}' -ds nosync
200 OK
{ "statusmessage": "success", "status": "200" }
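
Added example, not part of the original page: a shell function that summarises the 413 request body limit denials from the reverse proxy log by hostname, URI and configured limit, so that only the policies that actually hit the limit get a higher value. It assumes POSIX awk and sort are available where the log is analysed; the function names, the placeholder host and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page.
# Reads reverse proxy log lines on stdin and prints, per hostname/URI/limit,
# how many requests ModSecurity denied for exceeding the request body limit:
#   <count> <hostname> <uri> <limit-in-bytes>
summarize_body_limit_denials() {
    awk '
    # Value of a [key "value"] field in a log line, or "-" if absent.
    function field(line, key,    pat, s) {
        pat = "\\[" key " \"[^\"]*\"\\]"
        if (!match(line, pat)) return "-"
        s = substr(line, RSTART, RLENGTH)
        sub("^\\[" key " \"", "", s)
        sub("\"\\]$", "", s)
        return s
    }
    # Only body-limit denials; other security2 errors (e.g. PCRE) are skipped.
    /security2:error/ && /larger than the configured limit/ {
        limit = "-"
        if (match($0, /limit \([0-9]+\)/))
            limit = substr($0, RSTART + 7, RLENGTH - 8)
        n[field($0, "hostname") " " field($0, "uri") " " limit]++
    }
    END { for (k in n) print n[k], k }
    ' | LC_ALL=C sort -k1,1nr -k2
}

# Constructed sample lines (placeholder host, documentation IP addresses).
sample_log() {
    cat <<'EOF'
[Wed Jul 28 10:16:05.752143 2021] [security2:error] [pid 1:tid 1] [client 192.0.2.10:53894] [client 192.0.2.10] ModSecurity: Request body no files data length is larger than the configured limit (1048576).. Deny with code (413) [hostname "mail.example.com"] [uri "/Microsoft-Server-ActiveSync"] [unique_id "AAAA"]
[Wed Jul 28 11:14:12.025134 2021] [security2:error] [pid 1:tid 2] [client 192.0.2.11:49355] [client 192.0.2.11] ModSecurity: Request body no files data length is larger than the configured limit (1048576).. Deny with code (413) [hostname "mail.example.com"] [uri "/Microsoft-Server-ActiveSync"] [unique_id "AAAB"]
[Wed Jul 28 11:20:00.000000 2021] [security2:error] [pid 1:tid 3] [client 192.0.2.12:40000] [client 192.0.2.12] ModSecurity: Request body no files data length is larger than the configured limit (1048576).. Deny with code (413) [hostname "mail.example.com"] [uri "/owa/"] [unique_id "AAAC"]
[Wed Jul 28 09:50:48.068673 2021] [security2:error] [pid 1:tid 4] [client 192.0.2.13:55730] [client 192.0.2.13] ModSecurity: Rule 0 [id "-"][file "x.conf"][line "240"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "mail.example.com"] [uri "/owa/"] [unique_id "AAAD"]
EOF
}

# Demo run on the constructed lines; on the appliance, feed the real log
# instead, e.g.: summarize_body_limit_denials < /log/reverseproxy.log
sample_log | summarize_body_limit_denials
```
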
