Hi all.
There is a bug in Apache WAF POST filter.
Steps:
- Enable Apache WAF POST Filter option for your website
- Send the requst:
curl --location 'your-website' \
--header 'connection: close' \
--header 'accept-encoding: gzip, deflate' \
--header 'content-type: application/json' \
--header 'host: your-website' \
--data '{"update_id":284477467,
"message":{"message_id":941,"from":{"id":123,"is_bot":false,"first_name":"123","last_name":"123","username":"123","language_code":"en"},"chat":{"id":123,"first_name":"123","last_name":"123","username":"123","type":"private"},"date":1691872141,"document":{"file_name":"photo_2023-08-12_23-29-01.jpg","mime_type":"image/jpeg","thumbnail":{"file_id":"AAMCAgADGQEAAgOtZNfrjdkeY_R9HHPwhhou6Yqh3-EAAiMvAAI0acFKKvEKx60LkB4BAAdtAAMwBA","file_unique_id":"AQADIy8AAjRpwUpy","file_size":21639,"width":240,"height":320},"thumb":{"file_id":"AAMCAgADGQEAAgOtZNfrjdkeY_R9HHPwhhou6Yqh3-EAAiMvAAI0acFKKvEKx60LkB4BAAdtAAMwBA","file_unique_id":"AQADIy8AAjRpwUpy","file_size":21639,"width":240,"height":320},"file_id":"BQACAgIAAxkBAAIDrWTX643ZHmP0fRxz8IYaLumKod_hAAIjLwACNGnBSirxCsetC5AeMAQ","file_unique_id":"AgADIy8AAjRpwUo","file_size":136157}}}'
Actual result:
Apache response is Bad Request 400: Your browser sent a request that this server could not understand.
There is an error in log: [proxy:error] Unknown error 500: AH01095: prefetch request body failed to 0.0.0.0:0 (httpd-UDS)
If I disabled all rules in POST filter, the error still appears.
If I disabled the POST filter option at all, the error dissapears.
Also there are not any log records in WAF about these blocked requests.