Original Question or Issue: |
After upgrading to the latest version, the directory that was previously authorized to download is now unable to download. |
|
|
Steps to Reproduce: |
|
Error or Log Message: | Apache error logs: [Tue May 20 05:45:49.803000 2025] [:error] [pid 2058107:tid 2058107] [client 10.101.202.2:65025] [client 10.101.202.2] ModSecurity: Warning. Pattern match "\\\\xbc[^\\\\xbe>]*[\\\\xbe>]|<[^\\\\xbe]*\\\\xbe" at ARGS:filepath. [file "/usr/share/modsecurity-crs/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "546"] [id "941310"] [msg "US-ASCII Malformed Encoding XSS Filter - Attack Detected"] [data "Matched Data: |
Defect or Enhancement Number: |
|
Cause: | This is a known issue related to ModSecurity, which was introduced to the Ubuntu build starting from the FileCloud Server 23.242 release. We added a security module to Apache (modsec), which in Linux packages could include a set of restrictive rules that could block requests.
|
Resolution or Workaround: |
We need to turn off the SecRuleEngine by following the following items:
vi /etc/apache2/apache2.conf SecRuleEngine Off
service apache2 restart |
Notes: | An improvement to address this behavior is planned and will be included in the upcoming 23.251 release. Internal Development ticket ID: FCL-1237 |