Headers are already sent. Cannot perform the redirection at this point #254
Comments
Hi @kpushkaryov, this sounds like fundamentally the same issue as #41. Feel free to correct me if you think I am mistaken.

@martinhsv, the issues may be related, but I'm not sure. The error messages are similar, but still different. Also,
jaskaransarkaria added a commit to ministryofjustice/cloud-platform-terraform-ingress-controller that referenced this issue on Dec 4, 2024.
I can't make the `SecResponseBodyLimit` directive together with `SecResponseBodyLimitAction Reject` block oversized responses from nginx. ModSecurity-nginx reports "Headers are already sent. Cannot perform the redirection at this point" to `error.log`. The client receives the response in full with code 200.

The results are similar when I use a rule instead, e.g. `SecRule RESPONSE_CONTENT_LENGTH "@ge 10000" "phase:4,id:1,deny,log,msg:'Oversized response',status:403"`. There is "Headers are already sent" in `error.log`, but the client receives an empty response without status code. Three different status codes are reported in logs for this request: 500 in `access.log`, 200 in `error.log`, 403 in ModSecurity audit log.

ModSecurity version: 3.0.5.
ModSecurity-nginx version: 1.0.2.
nginx version: 1.20.1.

`nginx -V` info:

The config of nginx is as follows:

In `/nginx/www` I have two text files, of which `jack.txt` is bigger than the response size limit of 10240 bytes:

When I access them, both files are returned successfully:

The most relevant part of `error.log` is:

In `modsec_audit.log` we see that ModSecurity assigned code 403 to the oversized response:

Also, inspection of `modsec_debug.log` confirms that the request is to be rejected:

Nevertheless, the client receives the response in full with code 200.

As far as I understand, when ModSecurity tries to block the response it's too late, as its headers have already been sent.

I've tried to debug the issue myself. As `error.log` shows, response headers are sent between `ngx_http_modsecurity_header_filter()` and `ngx_http_modsecurity_body_filter()`. Looking from GDB, the headers are sent by `ngx_http_header_filter()` at the end of the filter chain:

This happens before response body processing and I can't see what should have stopped nginx from sending the headers before the body was checked by ModSecurity.
An archive file with all logs, config and data files mentioned above is attached.
nginx.zip
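As an added example (not code from the issue or the ModSecurity-nginx project), a check for the symptom reported above: the ModSecurity audit log records a 403 verdict for a response, yet `access.log` shows the client was served a different status, which means the deny was not enforced. The log lines are constructed and simplified, and the audit-log boundary/section layout is an assumption.

```python
import re

# Constructed, simplified sample logs (not copied from the issue): the client
# was served /jack.txt with 200 although the audit log recorded a 403 verdict.
ACCESS_LOG = (
    '127.0.0.1 - - [04/Dec/2024:10:00:00 +0000] "GET /small.txt HTTP/1.1" 200 512 "-" "curl/8.0"\n'
    '127.0.0.1 - - [04/Dec/2024:10:00:01 +0000] "GET /jack.txt HTTP/1.1" 200 12000 "-" "curl/8.0"\n'
)
AUDIT_LOG = """--c0ffee01-A--
[04/Dec/2024:10:00:01 +0000] AbCdEf 127.0.0.1 51000 127.0.0.1 80
--c0ffee01-B--
GET /jack.txt HTTP/1.1
--c0ffee01-F--
HTTP/1.1 403
--c0ffee01-H--
ModSecurity: Warning. Matched "Operator `Ge' with parameter `10000' against variable `RESPONSE_CONTENT_LENGTH'" [id "1"] [msg "Oversized response"] [uri "/jack.txt"]
--c0ffee01-Z--
"""

# nginx combined-format request line followed by the status, e.g. "GET /x HTTP/1.1" 200
ACCESS_LINE = re.compile(r'"\S+ (?P<uri>\S+) HTTP/[\d.]+" (?P<status>\d{3}) ')
# Audit-log section boundary (assumed layout): --<id>-<LETTER>--
AUDIT_BOUNDARY = re.compile(r"^-+\w+-+([A-Z])--$", re.M)


def access_statuses(text):
    """Map URI -> status code the client actually received (last request per URI)."""
    return {m.group("uri"): int(m.group("status")) for m in ACCESS_LINE.finditer(text)}


def audit_verdicts(text):
    """Map URI (part B request line) -> status ModSecurity recorded in part F."""
    verdicts, entry = {}, {}
    parts = AUDIT_BOUNDARY.split(text)  # [prefix, letter, body, letter, body, ...]
    for letter, body in zip(parts[1::2], parts[2::2]):
        entry[letter] = body.strip()
        if letter == "Z":  # part Z closes one transaction
            req = re.match(r"\S+ (\S+) HTTP", entry.get("B", ""))
            status = re.match(r"HTTP/[\d.]+ (\d{3})", entry.get("F", ""))
            if req and status:
                verdicts[req.group(1)] = int(status.group(1))
            entry = {}
    return verdicts


def enforcement_gaps(access_text, audit_text):
    """(uri, waf_status, client_status) for every deny (>= 400) the client did not actually get."""
    delivered = access_statuses(access_text)
    return [(u, w, delivered[u]) for u, w in audit_verdicts(audit_text).items()
            if w >= 400 and u in delivered and delivered[u] != w]
```

Running `enforcement_gaps(ACCESS_LOG, AUDIT_LOG)` on the constructed logs reports `/jack.txt` with WAF status 403 but client status 200, the mismatch the issue describes.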