I get with upload a image this error:
[:error] ModSecurity: Access denied with code 44 (phase 2). Match of "eq 0" against "MULTIPART_UNMATCHED_BOUNDARY" required. [file "/etc/httpd/conf.d/mod_security.conf"] [line "34"] [id "200003"] [msg "Multipart parser detected a possible unmatched boundary."] [hostname "www.example.com"] [uri "/myupload"] [unique_id "W...w"], referer: https://www.example.com/myupload
[http:error] AH01579: Invalid response status 44, referer: https://www.example.com/myupload
I upload simple with
<form action="myupload" method="post" accept-charset="utf-8" enctype="multipart/form-data"><input type="file" name="image"><button type="submit" name="submit">Upload</button></form>
one of many many many image-files with this error "--"

I use modsecurity2.9.2-1.el7 and its set as "off". So why its catch this issue?
System: CentOS Linux 7.5.1804 (Core)‬ with Product Plesk Onyx Version 17.5.3
etc/httpd/conf.d/mod_security.conf
# Default recommended configuration SecRuleEngine On SecRequestBodyAccess On SecRule REQUEST_HEADERS:Content-Type "text/xml" \ "id:'200000',phase:1,t:none,t:lowercase,pass,nolog,ctl:requestBodyProcessor=XML" SecRequestBodyLimit 13107200 SecRequestBodyNoFilesLimit 131072 SecRequestBodyInMemoryLimit 131072 SecRequestBodyLimitAction Reject SecRule REQBODY_ERROR "!@eq 0" \ "id:'200001', phase:2,t:none,log,deny,status:400,msg:'Failed to parse request body.',logdata:'%{reqbody_error_msg}',severity:2" SecRule MULTIPART_STRICT_ERROR "!@eq 0" \ "id:'200002',phase:2,t:none,log,deny,status:44,msg:'Multipart request body \ failed strict validation: \ PE %{REQBODY_PROCESSOR_ERROR}, \ BQ %{MULTIPART_BOUNDARY_QUOTED}, \ BW %{MULTIPART_BOUNDARY_WHITESPACE}, \ DB %{MULTIPART_DATA_BEFORE}, \ DA %{MULTIPART_DATA_AFTER}, \ HF %{MULTIPART_HEADER_FOLDING}, \ LF %{MULTIPART_LF_LINE}, \ SM %{MULTIPART_MISSING_SEMICOLON}, \ IQ %{MULTIPART_INVALID_QUOTING}, \ IP %{MULTIPART_INVALID_PART}, \ IH %{MULTIPART_INVALID_HEADER_FOLDING}, \ FL %{MULTIPART_FILE_LIMIT_EXCEEDED}'" SecRule MULTIPART_UNMATCHED_BOUNDARY "!@eq 0" \ "id:'200003',phase:2,t:none,log,deny,status:44,msg:'Multipart parser detected a possible unmatched boundary.'" SecPcreMatchLimit 1000 SecPcreMatchLimitRecursion 1000 SecRule TX:/^MSC_/ "!@streq 0" \ "id:'200004',phase:2,t:none,deny,msg:'ModSecurity internal error flagged: %{MATCHED_VAR_NAME}'" SecResponseBodyAccess Off SecDebugLog /var/log/httpd/modsec_debug.log SecDebugLogLevel 0 SecAuditEngine RelevantOnly SecAuditLogRelevantStatus "^(?:5|4(?!04))" SecAuditLogParts ABIJDEFHZ SecAuditLogType Serial SecAuditLog /var/log/httpd/modsec_audit.log SecArgumentSeparator & SecCookieFormat 0 SecTmpDir /var/lib/mod_security SecDataDir /var/lib/mod_security
Related to #1747
@Daijobou this should not be an issue with libModSecurity (aka v3.0). https://github.com/SpiderLabs/ModSecurity/commit/7def498c4c043fd857689c7cc47a64d2bdf0badb Please consider upgrading.
I'm going to close this one. If you believe this is still an issue please let us know and we can reopen it. Thanks.
hi
I get with upload a file by 48M size this error:
ModSecurity: Access denied with code 403 (phase 2). Matched "Operator Eq' with parameter0' against variable MULTIPART_UNMATCHED_BOUNDARY' (Value:1' ) [file "/etc/nginx/modsec/modsecurity.conf"] [line "60"]
and by comment rule i can upload:
SecRule MULTIPART_UNMATCHED_BOUNDARY "!@eq 0" \
"id:'200004',phase:2,t:none,log,deny,msg:'Multipart parser detected a possible unmatched boundary.'"
Hi MohsenNa,
do you have ModSecurity 2.9? If yes, please review all of this thread, especially this comment.
If you have 3.0 branch, please upgrade to the current master branch, and see the solution:
Anyway, the size of uploaded content not affects this issue, but if you have any boundary-like line in content, the it does.
yes my version is 3.0
very very tanks
my problem is solved
Can someone tell me if this issue is related to this error? This is on fedora28 with mod_security-2.9.2-5.fc28.x86_64
[Fri Feb 08 22:06:50.144344 2019] [:error] [pid 11255:tid 140146947102464] [client 151.106.0.210:54982] [client 151.106.0.210] ModSecurity: Access denied with code 403 (phase 2). Match of "eq 0" against "MULTIPART_UNMATCHED_BOUNDARY" required. [file "/etc/httpd/conf.d/mod_security.conf"] [line "35"] [id "200003"] [msg "Multipart parser detected a possible unmatched boundary."] [hostname "linuxsecurity.com"] [uri "/index.php"] [unique_id "XF5Dyf3kxTYC2M5TGQgxsAAAANU"], referer: https://linuxsecurity.com/index.php?option=com_content&task=new§ionid=9&itemid=0
Most helpful comment
Hi MohsenNa,
do you have ModSecurity 2.9? If yes, please review all of this thread, especially this comment.
If you have 3.0 branch, please upgrade to the current master branch, and see the solution:
https://github.com/SpiderLabs/ModSecurity/blob/bc3d3f19154793e23568103b931a15168b34d768/modsecurity.conf-recommended#L77-L120
Anyway, the size of uploaded content not affects this issue, but if you have any boundary-like line in content, the it does.