Appsec breaks uploading of large files to Nextcloud #71

@YeapGuy

Hi. I'm using NPMplus as a reverse proxy for my Nextcloud installation - it includes this bouncer with appsec features.
When I enable appsec and try to upload a large file using WebDAV, I get errors like this in my log:

2024/06/06 10:15:35 [warn] 19486#19486: *35705 a client request body is buffered to a temporary file /usr/local/nginx/client_body_temp/0000000018 while reading request body, client: 192.168.0.1, server: my-nextcloud.redacted.tld, request: "PUT /remote.php/dav/uploads/user/3803052717/00001 HTTP/1.1", host: "my-nextcloud.redacted.tld"
2024/06/06 10:15:37 [warn] 19486#19486: *35705 a client request body is buffered to a temporary file /usr/local/nginx/client_body_temp/0000000019 while reading request body, client: 192.168.0.1, server: my-nextcloud.redacted.tld, request: "PUT /remote.php/dav/uploads/user/3803052717/00002 HTTP/1.1", host: "my-nextcloud.redacted.tld"
2024/06/06 10:16:01 [error] 19486#19486: *35705 lua tcp socket write timed out, client: 192.168.0.1, server: my-nextcloud.redacted.tld, request: "PUT /remote.php/dav/uploads/user/3803052717/00002 HTTP/1.1", host: "my-nextcloud.redacted.tld"
2024/06/06 10:16:01 [error] 19486#19486: *35705 [lua] crowdsec.lua:578: AppSecCheck(): Fallback because of err: timeout, client: 192.168.0.1, server: my-nextcloud.redacted.tld, request: "PUT /remote.php/dav/uploads/user/3803052717/00002 HTTP/1.1", host: "my-nextcloud.redacted.tld"
2024/06/06 10:16:01 [error] 19486#19486: *35705 [lua] crowdsec.lua:651: Allow(): AppSec check: timeout, client: 192.168.0.1, server: my-nextcloud.redacted.tld, request: "PUT /remote.php/dav/uploads/user/3803052717/00002 HTTP/1.1", host: "my-nextcloud.redacted.tld"
2024/06/06 10:16:01 [alert] 19486#19486: *35705 [lua] crowdsec.lua:718: Allow(): [Crowdsec] denied '192.168.0.1' with 'ban' (by appsec), client: 192.168.0.1, server: my-nextcloud.redacted.tld, request: "PUT /remote.php/dav/uploads/user/3803052717/00002 HTTP/1.1", host: "my-nextcloud.redacted.tld"
2024/06/06 10:16:01 [warn] 19486#19486: *35705 a client request body is buffered to a temporary file /usr/local/nginx/client_body_temp/0000000020 while reading request body, client: 192.168.0.1, server: my-nextcloud.redacted.tld, request: "PUT /remote.php/dav/uploads/user/3803052717/00003 HTTP/1.1", host: "my-nextcloud.redacted.tld"
2024/06/06 10:16:41 [error] 19486#19486: *35705 lua tcp socket write timed out, client: 192.168.0.1, server: my-nextcloud.redacted.tld, request: "PUT /remote.php/dav/uploads/user/3803052717/00003 HTTP/1.1", host: "my-nextcloud.redacted.tld"
2024/06/06 10:16:41 [error] 19486#19486: *35705 [lua] crowdsec.lua:578: AppSecCheck(): Fallback because of err: timeout, client: 192.168.0.1, server: my-nextcloud.redacted.tld, request: "PUT /remote.php/dav/uploads/user/3803052717/00003 HTTP/1.1", host: "my-nextcloud.redacted.tld"
2024/06/06 10:16:41 [error] 19486#19486: *35705 [lua] crowdsec.lua:651: Allow(): AppSec check: timeout, client: 192.168.0.1, server: my-nextcloud.redacted.tld, request: "PUT /remote.php/dav/uploads/user/3803052717/00003 HTTP/1.1", host: "my-nextcloud.redacted.tld"
2024/06/06 10:16:41 [alert] 19486#19486: *35705 [lua] crowdsec.lua:718: Allow(): [Crowdsec] denied '192.168.0.1' with 'ban' (by appsec), client: 192.168.0.1, server: my-nextcloud.redacted.tld, request: "PUT /remote.php/dav/uploads/user/3803052717/00003 HTTP/1.1", host: "my-nextcloud.redacted.tld"
2024/06/06 10:16:42 [warn] 19486#19486: *35705 a client request body is buffered to a temporary file /usr/local/nginx/client_body_temp/0000000021 while reading request body, client: 192.168.0.1, server: my-nextcloud.redacted.tld, request: "PUT /remote.php/dav/uploads/user/3803052717/00004 HTTP/1.1", host: "my-nextcloud.redacted.tld"
2024/06/06 10:17:30 [error] 19486#19486: *35705 lua tcp socket read timed out, client: 192.168.0.1, server: my-nextcloud.redacted.tld, request: "PUT /remote.php/dav/uploads/user/3803052717/00004 HTTP/1.1", host: "my-nextcloud.redacted.tld"
2024/06/06 10:17:30 [error] 19486#19486: *35705 [lua] crowdsec.lua:578: AppSecCheck(): Fallback because of err: timeout, client: 192.168.0.1, server: my-nextcloud.redacted.tld, request: "PUT /remote.php/dav/uploads/user/3803052717/00004 HTTP/1.1", host: "my-nextcloud.redacted.tld"
2024/06/06 10:17:30 [error] 19486#19486: *35705 [lua] crowdsec.lua:651: Allow(): AppSec check: timeout, client: 192.168.0.1, server: my-nextcloud.redacted.tld, request: "PUT /remote.php/dav/uploads/user/3803052717/00004 HTTP/1.1", host: "my-nextcloud.redacted.tld"
2024/06/06 10:17:30 [alert] 19486#19486: *35705 [lua] crowdsec.lua:718: Allow(): [Crowdsec] denied '192.168.0.1' with 'ban' (by appsec), client: 192.168.0.1, server: my-nextcloud.redacted.tld, request: "PUT /remote.php/dav/uploads/user/3803052717/00004 HTTP/1.1", host: "my-nextcloud.redacted.tld"
2024/06/06 10:17:32 [warn] 19486#19486: *35705 a client request body is buffered to a temporary file /usr/local/nginx/client_body_temp/0000000022 while reading request body, client: 192.168.0.1, server: my-nextcloud.redacted.tld, request: "PUT /remote.php/dav/uploads/user/3803052717/00005 HTTP/1.1", host: "my-nextcloud.redacted.tld"
2024/06/06 10:18:25 [error] 19486#19486: *35705 lua tcp socket write timed out, client: 192.168.0.1, server: my-nextcloud.redacted.tld, request: "PUT /remote.php/dav/uploads/user/3803052717/00005 HTTP/1.1", host: "my-nextcloud.redacted.tld"
2024/06/06 10:18:25 [error] 19486#19486: *35705 [lua] crowdsec.lua:578: AppSecCheck(): Fallback because of err: timeout, client: 192.168.0.1, server: my-nextcloud.redacted.tld, request: "PUT /remote.php/dav/uploads/user/3803052717/00005 HTTP/1.1", host: "my-nextcloud.redacted.tld"
2024/06/06 10:18:25 [error] 19486#19486: *35705 [lua] crowdsec.lua:651: Allow(): AppSec check: timeout, client: 192.168.0.1, server: my-nextcloud.redacted.tld, request: "PUT /remote.php/dav/uploads/user/3803052717/00005 HTTP/1.1", host: "my-nextcloud.redacted.tld"
2024/06/06 10:18:25 [alert] 19486#19486: *35705 [lua] crowdsec.lua:718: Allow(): [Crowdsec] denied '192.168.0.1' with 'ban' (by appsec), client: 192.168.0.1, server: my-nextcloud.redacted.tld, request: "PUT /remote.php/dav/uploads/user/3803052717/00005 HTTP/1.1", host: "my-nextcloud.redacted.tld"
2024/06/06 10:18:27 [warn] 19486#19486: *35705 a client request body is buffered to a temporary file /usr/local/nginx/client_body_temp/0000000023 while reading request body, client: 192.168.0.1, server: my-nextcloud.redacted.tld, request: "PUT /remote.php/dav/uploads/user/3803052717/00006 HTTP/1.1", host: "my-nextcloud.redacted.tld"
2024/06/06 10:19:51 [error] 19486#19486: *35705 lua tcp socket write timed out, client: 192.168.0.1, server: my-nextcloud.redacted.tld, request: "PUT /remote.php/dav/uploads/user/3803052717/00006 HTTP/1.1", host: "my-nextcloud.redacted.tld"
2024/06/06 10:19:51 [error] 19486#19486: *35705 [lua] crowdsec.lua:578: AppSecCheck(): Fallback because of err: timeout, client: 192.168.0.1, server: my-nextcloud.redacted.tld, request: "PUT /remote.php/dav/uploads/user/3803052717/00006 HTTP/1.1", host: "my-nextcloud.redacted.tld"
2024/06/06 10:19:51 [error] 19486#19486: *35705 [lua] crowdsec.lua:651: Allow(): AppSec check: timeout, client: 192.168.0.1, server: my-nextcloud.redacted.tld, request: "PUT /remote.php/dav/uploads/user/3803052717/00006 HTTP/1.1", host: "my-nextcloud.redacted.tld"
2024/06/06 10:19:51 [alert] 19486#19486: *35705 [lua] crowdsec.lua:718: Allow(): [Crowdsec] denied '192.168.0.1' with 'ban' (by appsec), client: 192.168.0.1, server: my-nextcloud.redacted.tld, request: "PUT /remote.php/dav/uploads/user/3803052717/00006 HTTP/1.1", host: "my-nextcloud.redacted.tld"
2024/06/06 10:19:51 [warn] 19486#19486: *35705 a client request body is buffered to a temporary file /usr/local/nginx/client_body_temp/0000000024 while reading request body, client: 192.168.0.1, server: my-nextcloud.redacted.tld, request: "PUT /remote.php/dav/uploads/user/3803052717/00007 HTTP/1.1", host: "my-nextcloud.redacted.tld"
2024/06/06 10:21:43 [error] 19486#19486: *35705 lua tcp socket read timed out, client: 192.168.0.1, server: my-nextcloud.redacted.tld, request: "PUT /remote.php/dav/uploads/user/3803052717/00007 HTTP/1.1", host: "my-nextcloud.redacted.tld"
2024/06/06 10:21:43 [error] 19486#19486: *35705 [lua] crowdsec.lua:578: AppSecCheck(): Fallback because of err: timeout, client: 192.168.0.1, server: my-nextcloud.redacted.tld, request: "PUT /remote.php/dav/uploads/user/3803052717/00007 HTTP/1.1", host: "my-nextcloud.redacted.tld"
2024/06/06 10:21:43 [error] 19486#19486: *35705 [lua] crowdsec.lua:651: Allow(): AppSec check: timeout, client: 192.168.0.1, server: my-nextcloud.redacted.tld, request: "PUT /remote.php/dav/uploads/user/3803052717/00007 HTTP/1.1", host: "my-nextcloud.redacted.tld"
2024/06/06 10:21:43 [alert] 19486#19486: *35705 [lua] crowdsec.lua:718: Allow(): [Crowdsec] denied '192.168.0.1' with 'ban' (by appsec), client: 192.168.0.1, server: my-nextcloud.redacted.tld, request: "PUT /remote.php/dav/uploads/user/3803052717/00007 HTTP/1.1", host: "my-nextcloud.redacted.tld"
2024/06/06 10:21:44 [warn] 19486#19486: *35705 a client request body is buffered to a temporary file /usr/local/nginx/client_body_temp/0000000027 while reading request body, client: 192.168.0.1, server: my-nextcloud.redacted.tld, request: "PUT /remote.php/dav/uploads/user/3803052717/00008 HTTP/1.1", host: "my-nextcloud.redacted.tld"
2024/06/06 10:22:14 [error] 19486#19486: *35705 lua tcp socket write timed out, client: 192.168.0.1, server: my-nextcloud.redacted.tld, request: "PUT /remote.php/dav/uploads/user/3803052717/00008 HTTP/1.1", host: "my-nextcloud.redacted.tld"
2024/06/06 10:22:14 [error] 19486#19486: *35705 [lua] crowdsec.lua:578: AppSecCheck(): Fallback because of err: timeout, client: 192.168.0.1, server: my-nextcloud.redacted.tld, request: "PUT /remote.php/dav/uploads/user/3803052717/00008 HTTP/1.1", host: "my-nextcloud.redacted.tld"
2024/06/06 10:22:14 [error] 19486#19486: *35705 [lua] crowdsec.lua:651: Allow(): AppSec check: timeout, client: 192.168.0.1, server: my-nextcloud.redacted.tld, request: "PUT /remote.php/dav/uploads/user/3803052717/00008 HTTP/1.1", host: "my-nextcloud.redacted.tld"
2024/06/06 10:22:14 [alert] 19486#19486: *35705 [lua] crowdsec.lua:718: Allow(): [Crowdsec] denied '192.168.0.1' with 'ban' (by appsec), client: 192.168.0.1, server: my-nextcloud.redacted.tld, request: "PUT /remote.php/dav/uploads/user/3803052717/00008 HTTP/1.1", host: "my-nextcloud.redacted.tld"
2024/06/06 10:22:16 [warn] 19486#19486: *35705 a client request body is buffered to a temporary file /usr/local/nginx/client_body_temp/0000000028 while reading request body, client: 192.168.0.1, server: my-nextcloud.redacted.tld, request: "PUT /remote.php/dav/uploads/user/3803052717/00009 HTTP/1.1", host: "my-nextcloud.redacted.tld"

And the memory usage goes like this:
[image: memory usage graph]

I can't use appsec due to this.

I was directed here by NPMplus' developer from here: ZoeyVid/NPMplus#873
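A triage script for the log pattern reported above, added here as an example; it is not part of the original issue or of the bouncer's code. It lists requests that were denied "by appsec" after an `AppSecCheck()` timeout fallback, which separates them from denials with no preceding timeout, and reports how long after the body was buffered the denial came. The function names and record fields are assumptions.

```python
import re
from datetime import datetime

# Sample input: three lines for chunk 00002 copied from the log in the issue,
# plus one constructed line (a denial with no preceding timeout) for contrast.
SAMPLE = """\
2024/06/06 10:15:37 [warn] 19486#19486: *35705 a client request body is buffered to a temporary file /usr/local/nginx/client_body_temp/0000000019 while reading request body, client: 192.168.0.1, server: my-nextcloud.redacted.tld, request: "PUT /remote.php/dav/uploads/user/3803052717/00002 HTTP/1.1", host: "my-nextcloud.redacted.tld"
2024/06/06 10:16:01 [error] 19486#19486: *35705 [lua] crowdsec.lua:578: AppSecCheck(): Fallback because of err: timeout, client: 192.168.0.1, server: my-nextcloud.redacted.tld, request: "PUT /remote.php/dav/uploads/user/3803052717/00002 HTTP/1.1", host: "my-nextcloud.redacted.tld"
2024/06/06 10:16:01 [alert] 19486#19486: *35705 [lua] crowdsec.lua:718: Allow(): [Crowdsec] denied '192.168.0.1' with 'ban' (by appsec), client: 192.168.0.1, server: my-nextcloud.redacted.tld, request: "PUT /remote.php/dav/uploads/user/3803052717/00002 HTTP/1.1", host: "my-nextcloud.redacted.tld"
2024/06/06 10:30:00 [alert] 19486#19486: *35800 [lua] crowdsec.lua:718: Allow(): [Crowdsec] denied '192.168.0.1' with 'ban' (by appsec), client: 192.168.0.1, server: my-nextcloud.redacted.tld, request: "GET /constructed-example HTTP/1.1", host: "my-nextcloud.redacted.tld"
"""

# nginx error-log line: timestamp, level, pid#tid, *connection, message, then key/value tail.
LINE = re.compile(
    r'^(?P<ts>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) \[(?P<level>\w+)\] \d+#\d+: \*(?P<conn>\d+) '
    r'(?P<msg>.*?), client: (?P<client>[^,]+), server: [^,]+, request: "(?P<req>[^"]*)"'
)

def classify(msg):
    """Map a message to the three events this triage cares about."""
    if "request body is buffered to a temporary file" in msg:
        return "buffered"
    if "AppSecCheck(): Fallback because of err: timeout" in msg:
        return "timeout"
    if "denied" in msg and "(by appsec)" in msg:
        return "denied"
    return None

def appsec_timeout_denials(log_text):
    """Return one record per request denied after an AppSec timeout fallback."""
    state, records = {}, []  # state: (connection, request) -> {event: first timestamp}
    for line in log_text.splitlines():
        m = LINE.match(line)
        kind = classify(m["msg"]) if m else None
        if kind is None:
            continue
        ts = datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S")
        seen = state.setdefault((m["conn"], m["req"]), {})
        if kind != "denied":
            seen.setdefault(kind, ts)
        elif "timeout" in seen:  # denial preceded by a timeout on the same request
            start = seen.get("buffered")
            wait = int((ts - start).total_seconds()) if start else None
            records.append({"client": m["client"], "request": m["req"], "wait_s": wait})
    return records

if __name__ == "__main__":
    for rec in appsec_timeout_denials(SAMPLE):
        print(rec)
```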
