Getting ModSecurity: Access denied with code 44 on Laravel Form Submit

Question

I am trying to submit a form in Laravel but getting this error:

ModSecurity: Access denied with code 44 (phase 2). Match of "eq 0" against "MULTIPART_STRICT_ERROR" required. [file "/etc/httpd/conf.d/mod_security.conf"] [line "31"] [id "200002"] [msg "Multipart request body failed strict validation: PE 0, BQ 0, BW 0, DB 0, DA 0, HF 0, LF 0, SM 0, IQ 1, IP 0, IH 0, FL 0"]

No file upload nothing, it's just simple form submit.

I tried without special chars in form data but still getting this error.

Any suggestions?

I tried submitting data w/o special chars I tried (earlier) uploading a file w/o special chars in the file name

Answer 1

OWASP ModSecurity Core Rule Set Dev on Duty here. The following line provides some hints about what has been triggered:

PE 0, BQ 0, BW 0, DB 0, DA 0, HF 0, LF 0, SM 0, IQ 1, IP 0, IH 0, FL 0

Specifically IQ 1, shows that the error is MULTIPART_INVALID_QUOTING (See modsecurity.conf-recommended rule 200003).

• Even if you are not uploading a file, it seems that the request is still considered an upload of some sort, and the multipart parser tries to deal with it. Is your request containing quoting elements, like single quotes? (Interesting related conversation)
• Also, could you provide some more details about the environment and the ModSecurity version you are using? There seems to be a misalignment between the id reported in your log and the actual message (reported rule 200002 with a message of rule 200003), and it can be a customization of that file, or a pretty old one (Status code 44 has been changed about 10 years ago).