After receiving the Bitrix CMS 25.100.300 updates (the problem began around 22.04.2025), the "File upload" and "Upload of a file larger than 4 MB" checks in the admin section fail: Error! Does not work.
At the same time, we get these errors in the Apache log:
[Tue Apr 22 15:12:43.260490 2025] [security2:error] [pid 2844456:tid 2844456] [client hide_IP:0] [client hide_IP] ModSecurity: Multipart parsing error: Multipart: Final boundary missing. [hostname "bitrix.status.SITE.com"] [uri "/bitrix/admin/site_checker.php"] [unique_id "aAeHu33BWSOImiiWsG0cwAAAAFM"]
[Tue Apr 22 15:12:43.264698 2025] [security2:error] [pid 2844456:tid 2844456] [client hide_IP:0] [client hide_IP] ModSecurity: Internal error: REQUEST_BODY phase incomplete for input filter in phase 1 [hostname "bitrix.status.SITE.com"] [uri "/bitrix/urlrewrite.php"] [unique_id "aAeHu33BWSOImiiWsG0cwAAAAFM"]
/var/log/imunify360/console.log:2025-04-22T14:57:53.813+0300 INFO Manager SensorIncident([{Rule:77316736 Retries:1 Severity:5 Name:IM360 WAF: Request body parsing error Message:IM360 WAF: Request body parsing error||err_msg:Multipart parsing error: Multipart: Final boundary missing.||RSV:6.87||RS:500||T:APACHE|| AttackersIP:hide_IP Domain:bitrix.status.SITE.com PluginID:modsec TransactionID:aAeEQcE7V8IjJA9z2ebdHAAAAXE AccessDenied:false Tag:[service_custom] ModsecVersion:2.9.7 StatusCode:500 EngineMode:ENABLED Timestamp:1745323073 Advanced:{Headers:[[Host bitrix.status.SITE.com] [X-Client-Ip hide_IP] [X-Forwarded-For hide_IP] [X-Forwarded-Proto http] [Connection close] [Content-Length 4200196] [Content-Type multipart/form-data; boundary=--------d5be26a33a0b5bde0aa68da9228363fa]] Uri:/bitrix/admin/site_checker.php HttpMethod:POST} IpWhitelisted:false Maturity: File: Dat a:<nil> Accuracy:} {Rule:77317957 Retries:1 Severity:5 Name:IM360 WAF: File upload Message:IM360 WAF: File upload||File:site_checker.bin||Size:4200000||Combined:4200000||User:statusvh||SC:/home/statusvh/bitrix.status.SITE.com/bitrix/admin/site_checker.php||WPU:||Py time:||Lua time:||RSV:6.87||RS:500||T:APACHE|| AttackersIP:hide_IP Domain:bitrix.status.SITE.com PluginID:modsec TransactionID:aAeEQcE7V8IjJA9z2ebdHAAAAXE AccessDenied:false Tag:[service_im360 noshow] ModsecVersion:2.9.7 StatusCode:500 EngineMode:ENABLED Timestamp:1745323073 Advanced:{Headers:[[X-Forwarded-Proto http] [Connection close] [Content-Length 4200196] [Content-Type multipart/form-data; boundary=--------d5be26a33a0b5bde0aa68da9228363fa] [Host bitrix.status.SITE.com] [X-Client-Ip hide_IP] [X-Forwarded-For hide_IP]] Uri:/bitrix/admin/site_checker.php HttpMethod:POST} IpWhitelisted:false Maturity: File: Dat a:<nil> Accuracy:}]) processed
With Imunify proactive defense disabled, the error persists.
Comparing the files of the new and old versions, we found a difference:
$POST .= 'Content-Disposition: form-data; name="test_file"; filename="site_checker.bin"' . "\r\n"; - new version
$POST .= 'Content-Disposition: form-data; name="test_file"; filename="site_checker.bin' . "\r\n"; - old version
We contacted Imunify technical support and received this reply:
"Developers checked the issue, but did not find any unusual ModSecurity settings that may be causing the issue.
From the Apache log, we see:
ModSecurity: Multipart parsing error: Multipart: Invalid Content-Disposition header (-10): form-data; name="test_file"; filename="site_checker.bin."
And the dot at the end of the filename parameter value does not comply with the RFC. From the ModSecurity documentation:
ModSecurity implements a built-in multipart/form-data parser that enforces strict RFC compliance checks internally. This parser is triggered automatically whenever ModSecurity encounters multipart forms, regardless of explicitly loaded rules. Multipart requests failing RFC compliance (such as RFC 7578) will cause ModSecurity to generate an internal error message (and block the request by default).
In order to investigate the issue in more detail, we suggest contacting Bitrix support to clarify this filename peculiarity.
Getting in touch with the ModSecurity developers can also be helpful."
The server runs CloudLinux v8.10.0 with Nginx + Apache.
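The two conditions named in the logs above (a malformed Content-Disposition header and a missing final boundary) can be checked offline against a saved request body. The following is an added example, not part of the original post and not ModSecurity's or Bitrix's code: a simplified lint whose function names, boundary value and sample bodies are constructed for illustration.

```python
import re

BOUNDARY = "----example-boundary"  # constructed value, not taken from the logs

def build_body(disposition, closing=True):
    """Build a constructed one-part multipart/form-data body for the checks below."""
    body = (f"--{BOUNDARY}\r\n"
            f"Content-Disposition: {disposition}\r\n"
            "Content-Type: application/octet-stream\r\n\r\n"
            "payload\r\n")
    return body + (f"--{BOUNDARY}--\r\n" if closing else "")

# ";" name "=" (quoted-string | token); a quoted-string must have its closing quote.
PARAM = re.compile(r';\s*([A-Za-z0-9!#$%&*+.^_|~-]+)='
                   r'("(?:[^"\\\r\n]|\\.)*"|[^\s;"]+)\s*')

def check_disposition(value):
    """Return None if the header value is well formed, else a description."""
    value = value.strip()
    m = re.match(r'form-data\s*', value, re.I)
    if not m:
        return "disposition type is not form-data"
    pos = m.end()
    while pos < len(value):
        m = PARAM.match(value, pos)
        if not m:
            return f"malformed parameter: {value[pos:]!r}"
        pos = m.end()
    return None

def lint_multipart(body, boundary):
    """Return a list of findings for a decoded multipart body; empty means clean."""
    delim = "\r\n--" + boundary
    segments = ("\r\n" + body).split(delim)
    findings = []
    if not any(seg.startswith("--") for seg in segments[1:]):
        findings.append("final boundary missing")
    for seg in segments[1:]:
        if seg.startswith("--"):
            break  # closing delimiter reached
        # Only the header block of each part is inspected, never the payload.
        for line in seg.split("\r\n\r\n", 1)[0].split("\r\n"):
            name, _, value = line.partition(":")
            if name.strip().lower() == "content-disposition":
                problem = check_disposition(value)
                if problem:
                    findings.append(problem)
    return findings
```

Running `lint_multipart` on a body captured from the failing check shows whether the header or the closing delimiter is what a strict parser would reject.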