I’m a happy user of CWAF on my Debian Server with DirectAdmin.
After the last rules update I noticed file uploads to Owncloud from the Android Owncloud app stopped working.
I had to make the following changes to my config:
210710 - Request content type is not allowed by policy
(values taken from /usr/local/cwaf/etc/userdata/userdata_wl_content_type ?)
And I had to edit /etc/httpd/conf/extra/httpd-modsecurity.conf:
SecRequestBodyNoFilesLimit 13107200 (same value as SecRequestBodyLimit) to prevent “210230 - Failed to parse request body” rule error.
Is this the best way to solve my issue?
Is there a way to make the SecRequestBodyNoFilesLimit and userdata_wl_content_type for 1 domain only, not for the whole server?