Fixed Mcirosoft Edge / HTML 5 Uploader / Cloudflare WAF

Pierce · Jan 24, 2017

using ms edge, causes this trigger.

Before you ask... yes I disabled the rule and it loses its self with OWASP rules....

Yes its ms edge.

Yes somebody uses it.

Yes I had to disable the awesome html 5 uploader you guys have worked so hard on.

Yes I am submitting a bug report

Yes I am sorry

Yes I know, I know I know

Lawrence · Jan 24, 2017

Could this be related to drag & drop? MS Edge does not support it.

Pierce · Jan 24, 2017

I am clicking upload a file.

It works perfectly if I disable WAF.

Amin Sabet · Jan 31, 2017

Pierce said:
using ms edge, causes this trigger.

Before you ask... yes I disabled the rule and it loses its self with OWASP rules....

Yes its ms edge.

Yes somebody uses it.

Yes I had to disable the awesome html 5 uploader you guys have worked so hard on.

Yes I am submitting a bug report

Yes I am sorry

Yes I know, I know I know

Thanks for reporting this one.

My members reported the problem here: https://www.mu-43.com/threads/error-posting-images.89427/

I confirmed their issue to be the same one you are reporting.

Pierce said:
Before you ask... yes I disabled the rule and it loses its self with OWASP rules....

Can you explain what you mean by "loses its self"? If you turn "Cloudflare Specials" in WAF, does the problem go away, or do the OWASP rules also have to be turned off to stop the problem?

ehd · Jan 31, 2017

I had the same problem. A page rule helped. I'll post it asap.

ehd · Jan 31, 2017

use:

www.yoursite.com/forum/*/do-upload.json*

Amin Sabet · Jan 31, 2017

Thanks! Like this?

ehd · Jan 31, 2017

That should do the trick. I chose: disable security.

Amin Sabet · Jan 31, 2017

It seems to be working well. Thanks again for the tip!

Pierce · Jan 31, 2017

ehd said:
use:

www.yoursite.com/forum/*/do-upload.json*

Thats pretty slick. I keep forgetting about the power of those page rules!

However I would like a proper fix to this at some point

Thanks,
Pierce

Mike · Feb 2, 2017

I believe I have a workaround for this. It appears to be related to a bug in Edge with regards to how it handles an undefined file type in the file read function. It sends a content type of "undefined" to the server. I overrode this to an empty string which is the spec-defined default, which makes it send application/octet-string (what the other browsers send already). This appears to bypass the WAF rule.

One of the workarounds mentioned above is an easy way to solve it, as is disabling the 100011 rule directly. Alternatively, you can overwrite js/xenforo/attachment_editor_new.js with our version here: https://xenforo.com/community/js/xenforo/min/attachment_editor_new.js Note that you will need to hard refresh to ensure that you aren't pulling from cached JS.

Brent W · Mar 23, 2017

Mike said:
I believe I have a workaround for this. It appears to be related to a bug in Edge with regards to how it handles an undefined file type in the file read function. It sends a content type of "undefined" to the server. I overrode this to an empty string which is the spec-defined default, which makes it send application/octet-string (what the other browsers send already). This appears to bypass the WAF rule.

One of the workarounds mentioned above is an easy way to solve it, as is disabling the 100011 rule directly. Alternatively, you can overwrite js/xenforo/attachment_editor_new.js with our version here: https://xenforo.com/community/js/xenforo/min/attachment_editor_new.js Note that you will need to hard refresh to ensure that you aren't pulling from cached JS.

Is this in the latest version because I just had this triggered on 1.5.13

Mike · Mar 23, 2017

It should be. Worth checking that the latest version of the file is being delivered (I've seen CDNs not update, depending on settings).

Brent W · Mar 23, 2017

Mike said:
It should be. Worth checking that the latest version of the file is being delivered (I've seen CDNs not update, depending on settings).

I cleared CloudFlare's cache of that file and will monitor it.

Brent W · Mar 31, 2017

I am still getting this (purged cache from CloudFlare).

Code:

{
  "id": "3484357ba845380a",
  "country": "US",
  "ip": "75.131.113.23",
  "protocol": "HTTP/2",
  "method": "POST",
  "host": "www.christianforums.com",
  "user_agent": "Mozilla/5.0 (Linux; Android 7.1.1; Pixel Build/NOF27B) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Mobile Safari/537.36",
  "uri": "/attachments/do-upload.json?hash=5cc7fa470b07cc17e5a48d6dff18c010&content_type=post",
  "request_duration": 0,
  "triggered_rule_ids": [
    "100011"
  ],
  "action": "block",
  "cloudflare_location": "ATL",
  "occurred_at": "2017-03-31T15:05:48.1Z",
  "rule_detail": [
    {
      "id": "",
      "description": "ARGS:UPLOAD"
    }
  ],
  "rule_message": "Request arguments containing NUL byte",
  "type": "waf",
  "rule_id": "100011",
  "zone_id": "a4cf2ba1548dd21e9766a88865a21265",
  "cookie": ""
}

Fixed Mcirosoft Edge / HTML 5 Uploader / Cloudflare WAF

Pierce

Well-known member

Lawrence

Well-known member

Pierce

Well-known member

Amin Sabet

Well-known member

ehd

Well-known member

ehd

Well-known member

Amin Sabet

Well-known member

ehd

Well-known member

Amin Sabet

Well-known member

Pierce

Well-known member

Mike

XenForo developer

Brent W

Well-known member

Mike

XenForo developer

Brent W

Well-known member

Brent W

Well-known member

Similar threads

We value your privacy