我在使用POST和multipart/form-data进行API调用时遇到问题。在表单中附加文件时,调用成功(200)。如果没有附加文件(500),modsecurity会抛出此错误:
[:error] [pid 25114] [client ##REMOVED##] ModSecurity: Access denied with code 44 (phase 2).
Match of "eq 0" against "MULTIPART_STRICT_ERROR" required.
[file "/etc/modsecurity/modsecurity.conf"] [line "75"] [id "200002"] [msg "Multipart request body failed strict validation: PE 0, BQ 0, BW 0, DB 0, DA 0, HF 0, LF 1, SM 0, IQ 0, IP 0, IH 0, FL 0"] [hostname "##REMOVED##"] [uri "/user/update/2"] [unique_id "U9adUn8AAAEAAGIaaD0AAAAL"]
与LF 1有关LF line ending detected。我似乎无法通过互联网找到解决方案。非常感谢任何帮助。
有效载荷
--ARCFormBoundaryxh3pgpzljl9pb9
Content-Disposition: form-data; name="IPHONE"
TRUE
--ARCFormBoundaryxh3pgpzljl9pb9--
回复
500 Internal Server Error Show explanation Loading time: 62
请求标题
Pragma: no-cache
Cache-Control: no-cache
Origin: chrome-extension://hgmloofddffdnphfgcellkdfbfbjeloo
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36
Content-Type: multipart/form-data; boundary=ARCFormBoundaryxh3pgpzljl9pb9
Accept: */*
DNT: 1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Cookie: f98626d360511c4d14fb97c2ea504334=273bbf84cc9e30bb710feff2121ab98fbe870dc4a%3A4%3A%7Bi%3A0%3Bs%3A1%3A%221%22%3Bi%3A1%3Bs%3A25%3A%22REMOVED%40gmail.com%22%3Bi%3A2%3Bi%3A2592000%3Bi%3A3%3Ba%3A1%3A%7Bs%3A5%3A%22email%22%3Bs%3A25%3A%22REMOVED%40gmail.com%22%3B%7D%7D; PHPSESSID=lgukufu1vcf48kf8n999m3lvr5; dcjq-accordion-1=6
回复标题
Date: Mon, 28 Jul 2014 18:54:57 GMT
Server: Apache/2.4.7 (Ubuntu)
Content-Length: 616
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
响应
Internal Server Error
The server encountered an internal error ormisconfiguration and was unable to completeyour request.
Please contact the server administrator at [no address given] to inform them of the time this error occurred, and the actions you performed just before this error.
More information about this error may be availablein the server error log.