After receiving the CMS Bitrix 25.100.300 updates (the problem started around 22.04.2025), the "File upload" and "Upload of a file larger than 4 MB" checks in the admin section fail: Error! Does not work.
At the same time, we get these errors in the Apache log:
[Tue Apr 22 15:12:43.260490 2025] [security2:error] [pid 2844456:tid 2844456] [client hide_IP:0] [client hide_IP] ModSecurity: Multipart parsing error: Multipart: Final boundary missing. [hostname "bitrix.status.SITE.com"] [uri "/bitrix/admin/site_checker.php"] [unique_id "aAeHu33BWSOImiiWsG0cwAAAAFM"]
[Tue Apr 22 15:12:43.264698 2025] [security2:error] [pid 2844456:tid 2844456] [client hide_IP:0] [client hide_IP] ModSecurity: Internal error: REQUEST_BODY phase incomplete for input filter in phase 1 [hostname "bitrix.status.SITE.com"] [uri "/bitrix/urlrewrite.php"] [unique_id "aAeHu33BWSOImiiWsG0cwAAAAFM"]
/var/log/imunify360/console.log:2025-04-22T14:57:53.813+0300 INFO Manager SensorIncident([{Rule:77316736 Retries:1 Severity:5 Name:IM360 WAF: Request body parsing error Message:IM360 WAF: Request body parsing error||err_msg:Multipart parsing error: Multipart: Final boundary missing.||RSV:6.87||RS:500||T:APACHE|| AttackersIP:hide_IP Domain:bitrix.status.SITE.com PluginID:modsec TransactionID:aAeEQcE7V8IjJA9z2ebdHAAAAXE AccessDenied:false Tag:[service_custom] ModsecVersion:2.9.7 StatusCode:500 EngineMode:ENABLED Timestamp:1745323073 Advanced:{Headers:[[Host bitrix.status.SITE.com] [X-Client-Ip hide_IP] [X-Forwarded-For hide_IP] [X-Forwarded-Proto http] [Connection close] [Content-Length 4200196] [Content-Type multipart/form-data; boundary=--------d5be26a33a0b5bde0aa68da9228363fa]] Uri:/bitrix/admin/site_checker.php HttpMethod:POST} IpWhitelisted:false Maturity: File: Dat a:<nil> Accuracy:} {Rule:77317957 Retries:1 Severity:5 Name:IM360 WAF: File upload Message:IM360 WAF: File upload||File:site_checker.bin||Size:4200000||Combined:4200000||User:statusvh||SC:/home/statusvh/bitrix.status.SITE.com/bitrix/admin/site_checker.php||WPU:||Py time:||Lua time:||RSV:6.87||RS:500||T:APACHE|| AttackersIP:hide_IP Domain:bitrix.status.SITE.com PluginID:modsec TransactionID:aAeEQcE7V8IjJA9z2ebdHAAAAXE AccessDenied:false Tag:[service_im360 noshow] ModsecVersion:2.9.7 StatusCode:500 EngineMode:ENABLED Timestamp:1745323073 Advanced:{Headers:[[X-Forwarded-Proto http] [Connection close] [Content-Length 4200196] [Content-Type multipart/form-data; boundary=--------d5be26a33a0b5bde0aa68da9228363fa] [Host bitrix.status.SITE.com] [X-Client-Ip hide_IP] [X-Forwarded-For hide_IP]] Uri:/bitrix/admin/site_checker.php HttpMethod:POST} IpWhitelisted:false Maturity: File: Dat a:<nil> Accuracy:}]) processed
The error persists when Imunify proactive defense is disabled.
Comparing the files of the new and old versions, we found a difference:
$POST .= 'Content-Disposition: form-data; name="test_file"; filename="site_checker.bin"' . "\r\n"; - new version
$POST .= 'Content-Disposition: form-data; name="test_file"; filename="site_checker.bin' . "\r\n"; - old version
We contacted Imunify technical support and received this reply:
"Developers checked the issue, but did not find any unusual ModSecurity settings that may be causing the issue.
From the Apache log, we see:
ModSecurity: Multipart parsing error: Multipart: Invalid Content-Disposition header (-10): form-data; name="test_file"; filename="site_checker.bin."
And the dot at the end of the filename parameter value does not comply with the RFC. From the ModSecurity documentation:
ModSecurity implements a built-in multipart/form-data parser that enforces strict RFC compliance checks internally. This parser is triggered automatically whenever ModSecurity encounters multipart forms, regardless of explicitly loaded rules. Multipart requests failing RFC compliance (such as RFC 7578) will cause ModSecurity to generate an internal error message (and block the request by default).
In order to investigate the issue in more detail, we suggest contacting Bitrix support to clarify this filename peculiarity.
Getting in touch with the ModSecurity developers can also be helpful."
The server runs CloudLinux v8.10.0 with Nginx + Apache.
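An added example (not part of the original post, and not ModSecurity's actual parser): a small strict checker run over the two Content-Disposition values quoted in the post, plus a check for the closing boundary named in the Apache log. The boundary, the payload and all function names are constructed for illustration.

```python
import re

# Strict quoted-parameter grammar in the spirit of RFC 7578 (illustrative only).
_PARAM = re.compile(r';\s*([A-Za-z0-9_*-]+)="((?:[^"\\\r\n]|\\.)*)"')

def check_disposition(value):
    """Return (ok, params_or_reason) for a Content-Disposition value."""
    if not value.lower().startswith("form-data"):
        return False, "disposition type is not form-data"
    rest, pos, params = value[len("form-data"):], 0, {}
    while pos < len(rest):
        m = _PARAM.match(rest, pos)
        if not m:  # e.g. a quoted string that is never closed
            return False, "malformed parameter at: " + rest[pos:].strip()
        params[m.group(1).lower()] = m.group(2)
        pos = m.end()
    return True, params

def check_multipart(body, boundary):
    """List the problems found in a multipart/form-data body (bytes)."""
    problems = []
    delim = b"--" + boundary.encode()
    if not body.rstrip(b"\r\n").endswith(delim + b"--"):
        problems.append("final boundary missing")
    for part in body.split(delim)[1:]:
        if part.startswith(b"--"):
            break  # closing delimiter reached
        head = part.lstrip(b"\r\n").split(b"\r\n\r\n", 1)[0].decode("latin-1")
        for line in head.split("\r\n"):
            name, _, value = line.partition(":")
            if name.strip().lower() == "content-disposition":
                ok, info = check_disposition(value.strip())
                if not ok:
                    problems.append(info)
    return problems

def build_body(disposition, boundary="constructedBoundary42", close=True):
    """Constructed sample request body with a single file part."""
    body = "--%s\r\nContent-Disposition: %s\r\n" % (boundary, disposition)
    body += "Content-Type: application/octet-stream\r\n\r\nDATA\r\n"
    if close:
        body += "--%s--\r\n" % boundary
    return body.encode("latin-1")

# The two header values quoted in the post.
BALANCED = 'form-data; name="test_file"; filename="site_checker.bin"'
UNTERMINATED = 'form-data; name="test_file"; filename="site_checker.bin'
for _disp in (BALANCED, UNTERMINATED):
    print(check_multipart(build_body(_disp), "constructedBoundary42"))
```

Running the same check against a captured request body (with hosts and IPs redacted) gives Bitrix or ModSecurity support a concrete, reproducible statement of which header or delimiter a strict parser rejects.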