This post was translated with the help of a translation tool, so occasional errors are possible. An error-free version is available in German.
This page is also available in: Deutsch (German)
The WAF of Sophos Firewall limits the size of the request bodies it lets through, which in practice shows up as uploads larger than 1 MB failing. This article explains how to raise the WAF 1 MB limit on Sophos Firewall, either completely manually or with the help of a script.
Sophos uses the Apache module ModSecurity for its WAF. Out of the box, ModSecurity limits the request body size it will buffer: its SecRequestBodyNoFilesLimit directive defaults to 1048576 bytes, so the 1 MB limit is a ModSecurity default, not a Sophos-specific setting. Unfortunately, there is no way to change this value in the GUI or the regular console. You have to adjust it in the firewall's configuration database from the advanced shell.
In practice you will notice that files larger than 1 MB do not get through. The error message shown by the web application varies. Strictly speaking, the limit counts the part of the request body that ModSecurity does not treat as a file upload; an upload that the application sends as a raw or encoded request body rather than as a multipart file part is counted in full, which is why it is typically "file" uploads that run into it. Whatever the application reports, the reverseproxy.log on the firewall contains an entry like this:
[DATE] [security2:error] [....] ModSecurity: Request body no files data length is larger than the configured limit (1048576).. Deny with code (413) [....]
As always, the obligatory warning first: changes in the advanced shell should be treated with caution. Incorrect entries can cause undesirable side effects, instability or crashes. If in doubt, leave the change to experienced users, a Sophos partner or Sophos Support.
We accept no liability for problems caused by the commands or the script presented here. Use at your own risk. If in doubt, test everything in a lab environment first.
The following requirements must be met for implementation:
Please note that the WAF cannot process arbitrarily large files. It is still a firewall first and is not intended to replace a fully-fledged, dedicated WAF.
In my tests, I could set 100-200 MB without any problems. Higher limits are conceivable, but in my opinion do not make sense with the WAF.
Nevertheless, the theoretical maximum is set by the 32-bit integer limit of the database column: 2147483647 bytes, just under 2048 MB (about 2.1 GB). Multiplying 1048576 by 2048 or more overflows that column and the update fails (PostgreSQL reports "integer out of range").
Also bear in mind that the WAF buffers the request body before forwarding it, so a large limit costs memory on the appliance: an XGS3300 copes with large limits far better than an XGS87!
The traditional way is the manual one. Proceed as follows:
This command lists the WAF profiles from the advanced shell:
psql -U nobody -d corporate -c "select name,id,sec_request_body_no_files_limit from tblwafsecurityprofile;"
The output shows the name of each profile, its ID in the database and the current limit in bytes. The ID is needed for the next steps.
In the following command, replace YYY with the ID of the profile to adjust and XXX with an integer, the new limit in MB:
psql -U nobody -d corporate -c "update tblwafsecurityprofile set sec_request_body_no_files_limit=(1048576*XXX) where id ='YYY';"
Example: setting the limit of profile ID 7 to 10 MB:
psql -U nobody -d corporate -c "update tblwafsecurityprofile set sec_request_body_no_files_limit=(1048576*10) where id ='7';"
A successful update is acknowledged with "UPDATE 1" in the console. You can verify the stored value with the list command from above.
Finally, the new limit must be activated. The following command makes the WAF re-read its configuration:
opcode waf_reconfig -t json -b '{"Entity": "waf_advanced_config", "Event": "UPDATE"}' -ds nosync
The call is acknowledged with "200 OK". Done, the new limit is active. 😀
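The whole manual procedure as a small POSIX sh wrapper. This is an added example, not the ITW script from this page and not Sophos code: it reuses the table and column names, the psql invocation and the opcode call shown above and adds what a careful operator would want around them, namely validation of the profile ID (digits only, since it is interpolated into the SQL) and of the MB value (the same 200 MB ceiling the ITW script applies, which also keeps the 32-bit column from overflowing), a read-back of the stored value before the WAF is reloaded, and a DRY_RUN=1 mode that only prints the commands so the checks can be tried off the firewall. The DRY_RUN variable, the function names and the -tA psql options (standard psql: tuples only, unaligned) are this example's own choices.

```shell
#!/bin/sh
# Added example (not the ITW script from the article, not Sophos code): wraps the
# manual psql/opcode steps. Table and column names, the psql connection options and
# the opcode call are the ones shown in the article; the rest is this example's own.
# Usage on the firewall:  sh waf_limit.sh <profile id> <MB>
# Try it offline:         DRY_RUN=1 sh waf_limit.sh 7 10

MAX_MB=200   # same ceiling as the ITW script; 2048 MB would overflow the 32-bit integer column

# mb_to_bytes MB: print MB*1048576, fail unless MB is an integer in 1..MAX_MB
mb_to_bytes() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le "$MAX_MB" ] || return 1
    echo $(( $1 * 1048576 ))
}

# is_profile_id ID: succeed only for a plain positive integer, as listed in the id column.
# The ID is interpolated into SQL below, so nothing else may pass.
is_profile_id() {
    case "$1" in
        ''|0|*[!0-9]*) return 1 ;;
    esac
}

# build_update ID BYTES: the update statement exactly as the article issues it
build_update() {
    echo "update tblwafsecurityprofile set sec_request_body_no_files_limit=$2 where id='$1';"
}

# set_waf_limit ID MB: validate, update, read the value back, then reload the WAF config
set_waf_limit() {
    is_profile_id "$1" || { echo "invalid profile id: $1" >&2; return 2; }
    bytes=$(mb_to_bytes "$2") || { echo "limit must be an integer 1..$MAX_MB (MB)" >&2; return 2; }
    sql=$(build_update "$1" "$bytes")
    if [ "${DRY_RUN:-0}" = 1 ]; then
        echo "psql -U nobody -d corporate -c \"$sql\""
        echo "opcode waf_reconfig -t json -b '{\"Entity\": \"waf_advanced_config\", \"Event\": \"UPDATE\"}' -ds nosync"
        return 0
    fi
    psql -U nobody -d corporate -c "$sql" || return 1
    # -tA: tuples only, unaligned, so the output is just the stored number
    actual=$(psql -U nobody -d corporate -tA \
        -c "select sec_request_body_no_files_limit from tblwafsecurityprofile where id='$1';")
    [ "$actual" = "$bytes" ] || { echo "read-back mismatch: got '$actual'" >&2; return 1; }
    opcode waf_reconfig -t json -b '{"Entity": "waf_advanced_config", "Event": "UPDATE"}' -ds nosync
}

if [ "$#" -eq 2 ]; then
    set_waf_limit "$1" "$2"
fi
```

Start it with sh, as the article does for its own script. The read-back step is the cheap insurance the manual procedure lacks: if the UPDATE silently matched no row (wrong ID) or stored something other than expected, the WAF is not reloaded with a configuration you have not verified.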
Do you want to adjust the limit more often, are not that confident with the CLI, or are wary of editing the database by hand? No problem! Our ITW script can help. Just run it and it guides you through the configuration; you need no knowledge of the underlying commands and don't have to worry about typos. 😀
If the script is already on your firewall, start it like this. Note that the script must always be invoked via sh, because the advanced shell will not execute it directly:
sh /pathtoscript/waf_1mb_change.sh
After it starts, the available profiles are listed and you are asked for the profile and the limit to set. You are then prompted to confirm, and the change is complete.
The script caps the limit at 200 MB and rejects larger values.
You want to upload the script to the firewall yourself? Then use this download.
It's even easier this way: download the script directly in the advanced shell and start it right away.
curl -s -L -o /tmp/waf_1mb_change.sh https://it-tech.wiki/sdc_download/2741/?key=2otn2oerlxhgxsj72esfre99kvvqat && echo -en "\n\nUse \"sh /tmp/waf_1mb_change.sh -h\" to get help for first use\n\n"
As with any script fetched over the network and run on a firewall, have a look at /tmp/waf_1mb_change.sh before executing it.
Feel free to leave a comment and share your opinion! This helps us improve the tools and drive further exciting developments.
Brilliant, thanks! That makes things a lot easier! 5*