During testing of the new MScan zip file uploader, which allows uploading multiple Plugin or Theme zip files, I came across a strange problem. If ModSecurity is set to SecRuleEngine DetectionOnly in the /apache/conf/extra/modsecurity.conf file, then ModSecurity will break some zip file uploads. Turning ModSecurity off completely using SecRuleEngine Off allows any/all zip files to be uploaded successfully. I don't know why some zip file uploads work and others do not. There is no error message and there is nothing you can check; the form processing is halted without any ability to check for an error or problem.
This "blind" error in itself is not that unusual for ModSecurity in general. Typically there is no indication of what might be going on for ModSecurity problems. You have to know ModSecurity is installed to even know to look at that as the cause for problems. So, going by the ModSecurity error below, what I assume happens is that even though ModSecurity was in DetectionOnly mode, it broke the zip file form upload because ModSecurity was unable to open the temporary file for reading.
This is the ModSecurity error that was logged: ModSecurity: Failed to open temporary file for reading
modsecurity.conf file
# -- Rule engine initialization ----------------------------------------------
# Enable ModSecurity, attaching it to every transaction. Use detection
# only to start with, because that minimises the chances of post-installation
# disruption.
#
# The possible values are:
# On: process rules
# Off: do not process rules
# DetectionOnly: process rules but never executes any disruptive actions (block, deny, drop, allow, proxy and redirect)
#
SecRuleEngine Off
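
One way to make this otherwise silent failure visible is to pull the ModSecurity messages out of the Apache error log and group them by message and request URI. This is an added example, not part of the original post; the sample log lines, their Apache 2.4 style layout, the URI and the function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample lines in Apache 2.4 error-log style (not taken from the post).
SAMPLE_LOG = """\
[Tue Mar 05 10:15:01.120000 2019] [:error] [pid 4120:tid 1688] [client 127.0.0.1:51722] ModSecurity: Failed to open temporary file for reading [hostname "localhost"] [uri "/wp-admin/admin.php"] [unique_id "constructed-1"]
[Tue Mar 05 10:15:09.480000 2019] [php7:notice] [pid 4120:tid 1700] [client 127.0.0.1:51730] PHP Notice: constructed unrelated line
[Tue Mar 05 10:16:44.910000 2019] [:error] [pid 4120:tid 1688] [client 127.0.0.1:51801] ModSecurity: Failed to open temporary file for reading [hostname "localhost"] [uri "/wp-admin/admin.php"] [unique_id "constructed-2"]
"""

# Timestamp in the first bracket, then everything after the "ModSecurity: " prefix.
LINE_RE = re.compile(r'^\[(?P<time>[^\]]+)\]\s.*?ModSecurity: (?P<msg>.*)$')
# Trailing metadata tags such as [uri "/path"] or [hostname "example"].
TAG_RE = re.compile(r'\s*\[(\w+) "([^"]*)"\]')


def parse_modsec_lines(text):
    """Return one dict per error-log line that carries a ModSecurity message."""
    events = []
    for line in text.splitlines():
        match = LINE_RE.match(line)
        if not match:
            continue  # not a ModSecurity line
        raw = match.group("msg")
        tags = dict(TAG_RE.findall(raw))
        events.append({
            "time": match.group("time"),
            "message": TAG_RE.sub("", raw).strip(),
            "uri": tags.get("uri", "?"),
        })
    return events


def summarize(events):
    """Count events per (message, uri) so repeated failures stand out."""
    return Counter((e["message"], e["uri"]) for e in events)


def temp_file_failures(events):
    """Events matching the temporary-file error quoted in the post."""
    return [e for e in events if "temporary file" in e["message"].lower()]


if __name__ == "__main__":
    for (message, uri), count in summarize(parse_modsec_lines(SAMPLE_LOG)).items():
        print(f"{count:3d}  {uri}  {message}")
```

To run it against a real server, replace SAMPLE_LOG with the contents of the Apache error log for that installation.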