Desktop Client: Access Denied with code 510

pato · June 27, 2019, 5:57am

On a new nextcloud installation, I have a problem with the desktop client.

Nextcloud version: 16.0.1
Desktop OS: Manjaro 18.0.4
Nextcloud desktop client: 2.5.2git

I put files in my local nextcloud folder and the client started syncing. In the log-window I get loads of error messages like these:

The nextcloud server log doesn’t show any error messages.

The server logfile shows loads of error messages like this:

[Thu Jun 27 06:21:06.574820 2019] [:error] [pid 14512] [client 92.248.xx.xx] 
ModSecurity: Access denied with code 510 (phase 1). 
Match of "rx ^0$" against "REQUEST_HEADERS:Content-Length" required. 
[file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_21_protocol_anomalies.conf"] 
[line "84"] [id "960904"] [rev "2"] 
[msg "Request Containing Content, but Missing Content-Type header"] 
[severity "NOTICE"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [hostname "mydomain.at"] 
[uri "/cloud/remote.php/dav/uploads/myusername/1832646546/00000000"] [unique_id "XRREMn8AAAEAADiwt9EAAAAB"]

After multiple attempts, the desktop client is able to sync some of the files. After one day, almost half of the files (some hundred) got uploaded.

Uploading through the web interface works without errors.

I did search for the error messages online but couldn’t find anything useful. Does someone have a hint for me?

tflidd · June 27, 2019, 6:02am

You should review your modsecurity rules. I’d try first without modsecurity at all if the client works properly. I’m not sure if there is an official rule set, I found two links to virtual machines where it seems to be used:

https://ownyourbits.com/2017/03/23/modsecurity-web-application-firewall-for-nextcloud/

github.com

nextcloud/vm/blob/master/static/modsecurity.sh

#!/bin/bash

# T&M Hansson IT AB © - 2019, https://www.hanssonit.se/

# shellcheck disable=2034,2059
true
# shellcheck source=lib.sh
. <(curl -sL https://raw.githubusercontent.com/nextcloud/vm/master/lib.sh)

print_text_in_color "$ICyan" "Installing ModSecurity..."

# Check for errors + debug code and abort if something isn't right
# 1 = ON
# 0 = OFF
DEBUG=0
debug_mode

# Check if root
root_check

This file has been truncated. show original

pato · June 27, 2019, 6:54am

Thank you very much!

I was able to disable a specific ModSecurity Rule on my hosted server, and for now it seems to be a solution.

Apparently it is the forceRequestBodyVariable Rule with ID 960904.

It could be that my webhoster is very strict with security rules, but maybe this is also an opportunity to change the desktop client to not violate against this issue?

tflidd · June 27, 2019, 7:13am

Usually such a rule set comes with some default settings which might or might not be suitable for a specific application. I don’t know enough of the client-server communication to tell if this behaviour is required and the rule must be disabled.

trosolen · January 28, 2021, 8:52pm

Hi all

I’m having a great deal of fails like mentioned by pato, but since I’m using a hosting service I’m not able to install, well, virtually anything.

So modsecurity is not a way to go for me.

My win10 client is failing to PUT many files into my cloud. PDfs, Mp4, Zip, PcbDoc, php.
Apparently not any particular file type. Many are small (in case you’re thinking about large file size issues).

I read many treads already and I still can find out why this “510 not extended” error is happening.

Any light on how to find out whats happening or even solving this?

Thank in advanced!