Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

memoryLimit reached while writing #291

Open
i5-650 opened this issue Aug 18, 2024 · 2 comments
Open

memoryLimit reached while writing #291

i5-650 opened this issue Aug 18, 2024 · 2 comments

Comments

@i5-650
Copy link

i5-650 commented Aug 18, 2024

Description

I'm developing a PHP application that handles image uploads to a server. The application is straightforward and primarily serves as a testbed for using Traefik and its plugins.

While integrating the Coraza plugin with Traefik, I encountered the following error:
ERR Failed to read request body tx_id="MgnMwDtswTYfBQTgNZy" error="memoryLimit reached while writing" entryPointName=https middlewareName=coraza-owasp@file middlewareType=wasm routerName=php_uploader@docker
if the image is bigger than 1MB

and:

DBG github.com/traefik/traefik/v3/pkg/server/service/proxy.go:100 > 500 Internal Server Error error="net/http: HTTP/1.x transport connection broken: http: ContentLength=113348 with Body length 0"
If the image is smaller than 1MB

Steps to reproduce

The PHP app:

<?php 

if(isset($_POST) && isset($_POST['submit']) && isset($_FILES) && isset($_FILES['files'])) {
    $email = $_POST['email'];
    create_dir_if_not_exists("./uploads/$username");
    $total = count($_FILES['files']['name']);
    $isOk = true;

    for($i = 0; $i < $total; $i++) {
        $tmp_file = $_FILES['files']['tmp_name'][$i];

        if(!is_acceptable_file($tmp_file)) {
            return;
        }

        if($tmp_file != "") {
            $new_fil = "imagine code here";
            $isOk &= move_uploaded_file($tmp_file, $new_file); 
        }
    }
    // Redirect...
}
?>
<html>
    <! -- imagine the rest of the code here -->
    <form action="/" method="post" enctype="multipart/form-data" >
                    <label for="email">Email </label>
                    <input type="email" id="email" name="email" required/>
                    <label for="files"> File(s) to send:</label>
                    <input type="file" name="files[]" id="files" multiple accept="image/*" required />
                </div>
                <button type="submit"name="submit"> Upload Images !</button>
    </form>
</html>

and the following labels:

        labels:
            - "traefik.enable=true"
            - "traefik.http.routers.php_uploader.rule=Host(`localhost`)"
            - "traefik.http.services.php_uploader.loadbalancer.server.port=80"
            - "traefik.http.routers.php_uploader.entrypoints=https"
            - "traefik.http.routers.php_uploader.tls=true"
            - "traefik.http.routers.php_uploader.middlewares=coraza-owasp@file,cloudflarewarp@file"

The Traefik:
v3.1.2 (image id: dfdbdfae3fb3)

The Coraza middleware:
v0.2.2

http:
    middlewares: 
        coraza-owasp:
            plugin: 
                coraza:
                    directives: 
                        - Include @coraza.conf-recommended
                        - Include @crs-setup.conf.example
                        - Include @owasp_crs/*.conf
                        # I tried to disable the rule that stops me
                        - SecRuleRemoveByTag 'OWASP_CRS/POLICY/SIZE_LIMIT'
                        - SecRuleEngine On

Expected result

I should have the images uploaded to my server, the .ini file is edited to allow so and it works without the Coraza middleware.

Actual result

I have this error:

ERR Failed to read request body tx_id="MgnMwDtswTYfBQTgNZy" error="memoryLimit reached while writing" entryPointName=https middlewareName=coraza-owasp@file middlewareType=wasm routerName=php_uploader@docker

or

DBG github.com/traefik/traefik/v3/pkg/server/service/proxy.go:100 > 500 Internal Server Error error="net/http: HTTP/1.x transport connection broken: http: ContentLength=113348 with Body length 0"

And the server returns a 500.

@i5-650
Copy link
Author

i5-650 commented Aug 18, 2024

Update:

I figured out that it's linked to the issue #280.

If you simply disable the body processing (SecRequestBodyAccess Off), it works fine.

@M4tteoP
Copy link
Member

M4tteoP commented Aug 27, 2024

Hey @i5-650, reading about Traefik and Coraza middleware v0.2.2 makes me think that the issue belongs to the http-wasm connector (here is the proxy-wasm one, similar names, but different ABI and Coraza connector): https://github.com/jcchavezs/coraza-http-wasm

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants