Server: "An unknown error has occurred" when upload any files with extensions.

having the same problem :(

The same error occurs after I cancel uploading process (even if it's single file)

Plaeas provide some more technical information. How have you installed Nextcloud? On what kind of server? What apps have you activated?
You may use the system report button on the Support page in your admin settings to generate the necessary information automatically.

Hi,

I tried with both softaculous and upload via ftp but I failed.
I haven't activated any App by myself.
I have reviewed the support page but could not find a solution.

SERVER INFO:
cPanel Version | 80.0 (build 22)
Apache Version | 2.4.39
PHP Version | 7.3.7
MySQL Version | 10.3.16-MariaDB
Architecture | x86_64
Operating System | linux
Kernel Version | 3.10.0-962.3.2.lve1.5.26.1.el7.x86_64

ACTIVE SERVICES:
apache_php_fpm | up |  
clamd | up |  
cpanellogd | up |  
cpdavd | up |  
cphulkd | up |  
cpsrvd | up |  
crond | up |  
cxswatch | up |  
dnsadmin | up |  
exim (exim-4.92-1.cp1180.x86_64) | up |  
exim-587 | up |  
ftpd | up |  
httpd (2.4.39 (cPanel)) | up |  
imap | up |  
ipaliases | up |  
letsencrypt-cpanel | up |  
lfd | up |  
lmtp | up |  
mailman | up |  
mysql (10.3.16-MariaDB) | up |  
nscd | up |  
pop | up |  
rsyslogd | up |  
spamd | up |  
sshd | up |  
queueprocd | up |  

PHP EXTENSIONS:

You may use the system report button on the Support page in your admin settings to generate the necessary information automatically.

I have reviewed the support page but could not find a solution.

Exactly same issue here.

I deleted everything and started from scratch, as users where not able to upload any files.
Users can create folders but cannot upload any files. If the extension gets deleted, the file can be uploaded.

Operating system: Linux 3.10.0-957.21.3.el7.x86_64 #1 SMP Tue Jun 18 16:35:19 UTC 2019 x86_64
Webserver: Apache (fpm-fcgi)
Database: mysql 5.7.27
PHP version: 7.3.7
Modules loaded: Core, date, libxml, openssl, pcre, zlib, filter, hash, Reflection, SPL, session, standard, cgi-fcgi, bcmath, calendar, ctype, curl, dom, ftp, gd, iconv, imap, intl, json, mbstring, mysqlnd, PDO, Phar, posix, SimpleXML, soap, sockets, sqlite3, tokenizer, xml, xmlwriter, xsl, zip, mysqli, pdo_mysql, pdo_sqlite, wddx, xmlreader, Zend OPcache
Nextcloud version: 16.0.3 - 16.0.3.0
Updated from an older Nextcloud/ownCloud or fresh install:
Where did you install Nextcloud from: unknown
Signing status List of activated apps Configuration (config/config.php)
{
"instanceid": "REMOVED SENSITIVE VALUE",
"passwordsalt": "REMOVED SENSITIVE VALUE",
"secret": "REMOVED SENSITIVE VALUE",
"trusted_domains": [
"xxx"
],
"datadirectory": "REMOVED SENSITIVE VALUE",
"dbtype": "mysql",
"version": "16.0.3.0",
"overwrite.cli.url": "https://xxx/nextcloud",
"dbname": "REMOVED SENSITIVE VALUE",
"dbhost": "REMOVED SENSITIVE VALUE",
"dbport": "",
"dbtableprefix": "oc_",
"mysql.utf8mb4": true,
"dbuser": "REMOVED SENSITIVE VALUE",
"dbpassword": "REMOVED SENSITIVE VALUE",
"installed": true
}
External storages: files_external is disabled
Encryption: no
User-backends:
• OCUserDatabase
Browser: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:68.0) Gecko/20100101 Firefox/68.0

I hope this issue can be solved quickly as nextcloud cannot be used at all for the moment.

Server configuration detail
Operating system: Linux 3.10.0-962.3.2.lve1.5.26.1.el7.x86_64 #1 SMP Fri Jun 28 06:30:57 EDT 2019 x86_64

Webserver: LiteSpeed (litespeed)

Database: mysql 10.3.17

PHP version: 7.1.30

Modules loaded: Core, date, libxml, openssl, pcre, sqlite3, zlib, bz2, calendar, ctype, curl, hash, filter, ftp, gettext, gmp, SPL, iconv, pcntl, readline, Reflection, session, standard, shmop, SimpleXML, mbstring, tokenizer, xml, litespeed, bcmath, dom, fileinfo, gd, imagick, imap, intl, json, exif, mcrypt, mysqlnd, mysqli, PDFlib, PDO, pdo_mysql, pdo_sqlite, Phar, posix, rar, soap, sockets, tidy, wddx, xmlreader, xmlrpc, xmlwriter, xsl, zip, ionCube Loader, Zend OPcache

Nextcloud version: 16.0.3 - 16.0.3.0

Updated from an older Nextcloud/ownCloud or fresh install:

Where did you install Nextcloud from: unknown

Signing status
Array ( )

List of activated apps
Enabled:

• accessibility: 1.2.0
• activity: 2.9.1
• audioplayer: 2.7.2
• bruteforcesettings: 1.3.0
• cloud_federation_api: 0.2.0
• comments: 1.6.0
• dav: 1.9.2
• federatedfilesharing: 1.6.0
• federation: 1.6.0
• files: 1.11.0
• files_pdfviewer: 1.5.0
• files_rightclick: 0.13.0
• files_sharing: 1.8.0
• files_texteditor: 2.8.0
• files_trashbin: 1.6.0
• files_versions: 1.9.0
• files_videoplayer: 1.5.0
• firstrunwizard: 2.5.0
• gallery: 18.3.0
• logreader: 2.1.0
• lookup_server_connector: 1.4.0
• music: 0.10.0
• nextcloud_announcements: 1.5.0
• notifications: 2.4.1
• oauth2: 1.4.2
• password_policy: 1.6.0
• privacy: 1.0.0
• provisioning_api: 1.6.0
• recommendations: 0.4.0
• serverinfo: 1.6.0
• sharebymail: 1.6.0
• support: 1.0.0
• survey_client: 1.4.0
• systemtags: 1.6.0
• theming: 1.7.0
• twofactor_backupcodes: 1.5.0
• updatenotification: 1.6.0
• viewer: 1.0.0
• workflowengine: 1.6.0
  Disabled:
• admin_audit
• encryption
• files_external
• user_ldap
  Configuration (config/config.php)
  {
  "instanceid": "REMOVED SENSITIVE VALUE",
  "passwordsalt": "REMOVED SENSITIVE VALUE",
  "secret": "REMOVED SENSITIVE VALUE",
  "trusted_domains": [
  "REMOVED SENSITIVE VALUE","
  ],
  "datadirectory": "REMOVED SENSITIVE VALUE",
  "dbtype": "mysql",
  "version": "16.0.3.0",
  "overwrite.cli.url": REMOVED SENSITIVE VALUE",
  "dbname": "REMOVED SENSITIVE VALUE",
  "dbhost": "REMOVED SENSITIVE VALUE",
  "dbport": "",
  "dbtableprefix": "oc_",
  "dbuser": "REMOVED SENSITIVE VALUE",
  "dbpassword": "REMOVED SENSITIVE VALUE",
  "installed": true
  }
  External storages: files_external is disabled

Encryption: no

User-backends:

OCUserDatabase
Browser: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36

Anything in the logs?

No nothing. Checked every nextcloud and server log. Absolutely nothing. No permission errors.
I deleted the whole installation including the database and started from scratch 2 times with a fresh source download from nextcloud website. Still the same.
The only spelling error message I get is in the latest android app. The error “you don’t have
Permission to upload files to this folder” is displayed. The user, who tries to upload files do have
Admin permission.
Again, if the extension of the file gets deleted e.g. test.pdf renamed to test then the files can easily be uploaded via the web interface as also with the android app.

Mind to try a test instance: https://try.nextcloud.com?

I deleted the whole installation including the database and started from scratch 2 times with a fresh source download from nextcloud website. Still the same.

That really looks like something's wrong on your infrastructure side.

When you add 'loglevel' => 0, to the config.php, the log gets way more verbose and might tell us more.

Also, please note:

• Lightspeed is not a recommended nor supported web server
• Consider upgrading PHP to version 7.3

Finally I solved the error by disabling ModSecurity in cpanel. (Found this tipp on nextcloud help). The qeustion is how to have a working solution for netcloud with ModSecurity enabled.

The qeustion is how to have a working solution for netcloud with ModSecurity enabled.

Nextcloud has nothing to do with that, you have to configure it in ModSecurity.

• You can add a new ModSecurity rule that allow the affected problem.
• You can whitelist the affected ModSecurity rule completely

Finally I solved the error by disabling ModSecurity in cpanel. (Found this tipp on nextcloud help). The qeustion is how to have a working solution for netcloud with ModSecurity enabled.

Thanks for your feedback :+1:

Finally I solved the error by disabling ModSecurity in cpanel. (Found this tipp on nextcloud help). The qeustion is how to have a working solution for netcloud with ModSecurity enabled.

Disabling ModSecurity solved the problem.

Thank you stoneubi thank you all.

This issue is also affecting me, and I'm not able to disable/remove modsecurity. Files under ~10 MB upload fine, but files over 10 MB with extensions will not upload, giving a "Unknown Error" message with no other error messages that I can find. The same file with extension removed works fine. Is there no solution for those who cannot remove or disable modsecurity? What causes this behavior?

This seems to be relevant: https://help.nextcloud.com/t/cant-upload-file-size-more-than-10mb/86266/3
Wordpress on the same host has no trouble with uploads over 10 MB, so it seems like this is a fixable issue.

This issue is also affecting me, and I'm not able to disable/remove modsecurity.

• Nextcloud cannot influence the behaviour of ModSecurity.
• It is not possible for a PHP software like Nextcloud to access the underlying ModSecurity.

It also makes no sense that a software should be able to directly influence ModSecurity Rules (ModSecurity would be worthless). Nextcloud really can't do anything about it. So I don't understand what you expect from nextcloud now.

I'm wondering if it might be possible for nextcloud to handle file uploads
slightly differently to avoid hitting this limit in modsecurity.

I understand that nextcloud cannot change the behavior of modsecurity, but
wordpress and flow upload both upload files that do not upload using the
standard nextcloud process in the same environment. It follows that
nextcloud could work with modsecurity as well.

I'd like to understand what modsecurity is flagging, and if it would be
possible to change the behavior to avoid triggering modsecurity. The
software cannot change the rules, but it can work within the rules to avoid
problems.

So, to summarize, I'd like for nextcloud to work with common modsecurity
settings as that seems like a reasonable request and something that would
benefit the nextcloud community.

On Wed, Sep 30, 2020, 9:02 AM Markus Ritzmann notifications@github.com
wrote:

This issue is also affecting me, and I'm not able to disable/remove
modsecurity.

• Nextcloud cannot influence the behaviour of ModSecurity.
• It is not possible for a PHP software like Nextcloud to access the
  underlying ModSecurity.
• It also makes no sense that a software should be able to directly
  influence ModSecurity Rules (ModSecurity would be worthless).

Nextcloud really can't do anything about it. So I don't understand what
you expect from nextcloud now.

—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
https://github.com/nextcloud/server/issues/16575#issuecomment-701375723,
or unsubscribe
https://github.com/notifications/unsubscribe-auth/AIQYQZOKWVEBZEOHZ4ECBW3SIMT45ANCNFSM4IHGXKOA
.

Having the same problem and still stuck since there is no "ModSecurity" to disable.
Nextcloud worked for a long time and the issue is pretty new and it really only appears when file is bigger than 10MB.

Do I need to change a firewall rule?
What do I need to change server side that it will work again?

thanks for any hints.

@magdesign,
Just to clarify, can you upload files over 10MB if the extension is removed?

On Thu, Oct 1, 2020, 4:57 AM magdesign notifications@github.com wrote:

Having the same problem and still stuck since there is no "ModSecurity" to
disable.
Nextcloud worked for a long time and the issue is pretty new and it really
only appears when file is bigger than 10MB.

Do I need to change a firewall rule?
What do I need to change server side that it will work again?

thanks for any hints.

—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
https://github.com/nextcloud/server/issues/16575#issuecomment-701993205,
or unsubscribe
https://github.com/notifications/unsubscribe-auth/AIQYQZLPMZZ3CYHNJUO2RGLSIQ757ANCNFSM4IHGXKOA
.

The software cannot change the rules, but it can work within the rules to avoid problems.

A few years ago cpanel introduced a ModSecurity addon. The add-on could only be switched on or off, because most webhosters did not have the possibility to create individual rules or whitelists. As a consequence, many WordPress plugin and theme authors have received many support requests. To prevent support requests there are many WordPress Addons that include mega ugly workarounds for only this problem. For the code quality this is quite ugly and causes problems in the long run. So I think it's an extremely bad idea to adapt Nextcloud to a WAF just because you can't edit WAF rules.

And I also think that "it works with Wordpress" is not an argument.

This must be approached in reverse: The best known rule set for ModSecurity offers predefined exceptions for WordPress, Nextcloud and many other CMS systems. See: https://github.com/coreruleset/coreruleset/tree/v3.4/dev/rules

• Maybe you have included the whitelist for WordPress, but not the whitelist for Nextcloud? It would be interesting to know which source you use for your ModSecurity rules.
• But maybe there is also a bug with your rules, see: https://github.com/coreruleset/coreruleset/issues?q=is%3Aissue+is%3Aopen+Nextcloud Your issue would probably be better off there if you use the CoreRule set.
• ModSecurity writes logs. There you can see which rule has been hit. You can then either unblock or optimize them. The people from the CoreRule set will be happy to help you with this and then they can add it to the predefined Nextcloud-whitelist.
• If you use ModSecurity with NGINX: There are for example bugs with larger files that are sent via post request. Certain filetypes are checked by ModSecurity, but this will crash the request if it is too big (maybe this was already fixed in newer nginx/modsecurity versions). Therefore it might work if you remove the file extension. But this is also not a problem of Nextcloud. Well possible that uploads to WordPress are even completely released in the whitelist of ModSecurity, I do not know.

I can't see the logs of modsecurity, and I can't change any of the rules as I am on shared hosting. In fact, I'm not even 100% sure if this is an issue with modsecurity as I don't have any direct evidence that it is. However, the only references to this issue that have been solved have to do with disabling or changing modsecurity, and as far as I can see everything else is in order. What can I look for in nextcloud logs to find out what "Unknown Error" means? At the very least it should give an intelligible error.

@KW4NP :
when the file ending e.g. *.blend is removed, I still get the error if file is bigger than 10MB:

under /etc/php/7.2/fpm/php.ini the limit is set to 128M

Ok, you are dealing with a different issue. It sounds like your problem
might be php settings. I can upload the same file that fails with an
extension if I remove the extension. Could still be modsecurity.

On Fri, Oct 2, 2020, 9:03 AM magdesign notifications@github.com wrote:

@KW4NP https://github.com/KW4NP :
when the file ending e.g. *.blend is removed, I still get the error if
file is bigger than 10MB:

[image: limit]
https://user-images.githubusercontent.com/5273166/94925975-5cacea00-04c0-11eb-99d8-559699ac07b4.png

under /etc/php/7.2/fpm/php.ini the limit is set to 128M

—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
https://github.com/nextcloud/server/issues/16575#issuecomment-702721583,
or unsubscribe
https://github.com/notifications/unsubscribe-auth/AIQYQZKUZZGVZP4GHPCBDNDSIXFRRANCNFSM4IHGXKOA
.

Maybe we can see what is going on now. Do you have any logs? Also, is the
limit for a file with extension around 10mb? In other words, have you tried
uploading a file smaller than 10 mb with an extension?

On Mon, Nov 16, 2020, 13:49 uqlel notifications@github.com wrote:

I have this same error, i don't have mod_security, and the limit is also
set to 128M

Operating system: Linux 5.4.0-52-generic #57-Ubuntu SMP Thu Oct 15 10:57:00 UTC 2020 x86_64

Webserver: Apache/2.4.41 (Ubuntu) (apache2handler)

Database: mysql 10.1.47

PHP version: 7.4.12

Modules loaded: Core, date, libxml, openssl, pcre, zlib, filter, hash, Reflection, SPL, session, standard, sodium, apache2handler, mysqlnd, PDO, xml, bcmath, calendar, ctype, curl, dom, mbstring, FFI, fileinfo, ftp, gd, gettext, gmp, iconv, imagick, intl, json, ldap, exif, mysqli, pdo_mysql, Phar, posix, readline, shmop, SimpleXML, sockets, sysvmsg, sysvsem, sysvshm, tokenizer, xmlreader, xmlwriter, xsl, zip, ionCube Loader, Zend OPcache

Nextcloud version: 20.0.1 - 20.0.1.1

Updated from an older Nextcloud/ownCloud or fresh install:

Where did you install Nextcloud from: unknown

Signing status

Array ( )

List of activated apps

Enabled:

• accessibility: 1.6.0
• activity: 2.13.2
• bruteforcesettings: 2.0.1
• cloud_federation_api: 1.3.0
• comments: 1.10.0
• contactsinteraction: 1.1.0
• dashboard: 7.0.0
• dav: 1.16.0
• federatedfilesharing: 1.10.1
• federation: 1.10.1
• files: 1.15.0
• files_pdfviewer: 2.0.1
• files_rightclick: 0.17.0
• files_sharing: 1.12.0
• files_trashbin: 1.10.1
• files_versions: 1.13.0
• files_videoplayer: 1.9.0
• firstrunwizard: 2.9.0
• logreader: 2.5.0
• lookup_server_connector: 1.8.0
• nextcloud_announcements: 1.9.0
• notifications: 2.8.0
• oauth2: 1.8.0
• password_policy: 1.10.1
• photos: 1.2.0
• privacy: 1.4.0
• provisioning_api: 1.10.0
• recommendations: 0.8.0
• serverinfo: 1.10.0
• settings: 1.2.0
• sharebymail: 1.10.0
• support: 1.3.0
• survey_client: 1.8.0
• systemtags: 1.10.0
• text: 3.1.0
• theming: 1.11.0
• twofactor_backupcodes: 1.9.0
• updatenotification: 1.10.0
• user_status: 1.0.0
• viewer: 1.4.0
• weather_status: 1.0.0
• workflowengine: 2.2.0
  Disabled:
• admin_audit
• encryption
• files_external
• user_ldap

Configuration (config/config.php)

{
"instanceid": "REMOVED SENSITIVE VALUE",
"passwordsalt": "REMOVED SENSITIVE VALUE",
"secret": "REMOVED SENSITIVE VALUE",
"trusted_domains": [
"cloud.yourcraft.pl"
],
"datadirectory": "REMOVED SENSITIVE VALUE",
"dbtype": "mysql",
"version": "20.0.1.1",
"overwrite.cli.url": "http://cloud.yourcraft.pl",
"dbname": "REMOVED SENSITIVE VALUE",
"dbhost": "REMOVED SENSITIVE VALUE",
"dbport": "",
"dbtableprefix": "oc_",
"dbuser": "REMOVED SENSITIVE VALUE",
"dbpassword": "REMOVED SENSITIVE VALUE",
"installed": true
}

External storages: files_external is disabled

Encryption: no

User-backends:

OCUserDatabase

Browser: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:83.0) Gecko/20100101 Firefox/83.0

—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
https://github.com/nextcloud/server/issues/16575#issuecomment-727957862,
or unsubscribe
https://github.com/notifications/unsubscribe-auth/AIQYQZK3P33UQO5OXLYEPATSQENXNANCNFSM4IHGXKOA
.

Same here, i resolved the problem disabling the rule "920420" of the vendor OWASP3, i already reported it to them, maybe it would be good if everyone facing this problem with this modsecurity rule report it too to owasp3