Error importing backup #650

New Issue

Closed

opened 2025-10-09 16:43:51 +03:00 by OVERLORD · 3 comments

OVERLORD commented 2025-10-09 16:43:51 +03:00

Owner

Copy Link

Originally created by @HumaLock on GitHub.

<html><head> </head>

Bad Request

Your browser sent a request that this server could not understand.

</html>

Configured according to this example

https://github.com/dani-garcia/vaultwarden/wiki/Docker---Traefik---ModSecurity-Setup

I get the error above. In addition, registration does not work even though it is allowed.
When installing, Traefik does not receive a certificate from Lats Encrypt, so CloudFlare TLS Full mode is used. Which allows you to get a working system even when using a self-signed certificate. Perhaps this is the problem. Or there may be a bug in the program. Docker compose config one to one from the example.

Originally created by @HumaLock on GitHub. <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>400 Bad Request</title> </head><body> <h1>Bad Request</h1> <p>Your browser sent a request that this server could not understand.<br /> </p> </body></html> Configured according to this example https://github.com/dani-garcia/vaultwarden/wiki/Docker---Traefik---ModSecurity-Setup I get the error above. In addition, registration does not work even though it is allowed. When installing, Traefik does not receive a certificate from Lats Encrypt, so CloudFlare TLS Full mode is used. Which allows you to get a working system even when using a self-signed certificate. Perhaps this is the problem. Or there may be a bug in the program. Docker compose config one to one from the example.

OVERLORD closed this issue 2025-10-09 16:43:51 +03:00

OVERLORD commented 2025-10-09 16:43:53 +03:00

Author

Owner

Copy Link

@HumaLock commented on GitHub:

"response":{"protocol":"HTTP/1.1","status":400,"headers":{"Content-Length":"226","Connection":"close","Content-Type":"text/html; charset=iso-8859-1"},"body":"\n<html><head>\n\n</head>\n

Bad Request

\n

Your browser sent a request that this server could not understand.
\n

\n</html>\n"},"audit_data":{"messages":["JSON parsing error: parse error: client cancelled parse via callback return value\n","Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity.d/modsecurity.conf"] [line "72"] [id "200002"] [msg "Failed to parse request body."] [data "JSON parsing error: parse error: client cancelled parse via callback return value\x0a"] [severity "CRITICAL"]"],"error_messages":["[file "apache2_util.c"] [line 275] [level 3] [client 162.158.175.74] ModSecurity: JSON parsing error: parse error: client cancelled parse via callback return value\\n [hostname "vaultbox.pro"] [uri "/api/ciphers/import"] [unique_id "ZU5mbYc5UkatpQu_jTHDmgAAAFU"]","[file "apache2_util.c"] [line 275] [level 3] [client 162.158.175.74] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity.d/modsecurity.conf"] [line "72"] [id "200002"] [msg "Failed to parse request body."] [data "JSON parsing error: parse error: client cancelled parse via callback return value\\\\x0a"] [severity "CRITICAL"] [hostname "vaultbox.pro"] [uri "/api/ciphers/import"] [unique_id "ZU5mbYc5UkatpQu_jTHDmgAAAFU"]"],"action":{"intercepted":true,"phase":2,"message":"Match of "eq 0" against "REQBODY_ERROR" required."},"handler":"proxy-server","stopwatch":{"p1":771,"p2":36,"p3":0,"p4":0,"p5":255,"sr":201,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/)","OWASP_CRS/3.3.5"],"server":"Apache/2.4.57 (Unix) OpenSSL/3.0.11","engine_mode":"ENABLED"}}

The same thing only in an easy to read form

---

HTTP Response

• Protocol: HTTP/1.1
• Status: 400 Bad Request
• Headers:
  • Content-Length: 226
  • Connection: close
  • Content-Type: text/html; charset=iso-8859-1

Response Body

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>400 Bad Request</title>
</head><body>
<h1>Bad Request</h1>
<p>Your browser sent a request that this server could not understand.<br />
</p>
</body></html>

Audit Data

• Messages:
  • JSON parsing error: parse error: client cancelled parse via callback return value
  • Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity.d/modsecurity.conf"] [line "72"] [id "200002"] [msg "Failed to parse request body."] [data "JSON parsing error: parse error: client cancelled parse via callback return value\n"] [severity "CRITICAL"]
• Error Messages:
  • [file "apache2_util.c"] [line 275] [level 3] [client 162.158.175.74] ModSecurity: JSON parsing error: parse error: client cancelled parse via callback return value\n [hostname "vaultbox.pro"] [uri "/api/ciphers/import"] [unique_id "ZU5mbYc5UkatpQu_jTHDmgAAAFU"]
  • [file "apache2_util.c"] [line 275] [level 3] [client 162.158.175.74] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity.d/modsecurity.conf"] [line "72"] [id "200002"] [msg "Failed to parse request body."] [data "JSON parsing error: parse error: client cancelled parse via callback return value\n"] [severity "CRITICAL"] [hostname "vaultbox.pro"] [uri "/api/ciphers/import"] [unique_id "ZU5mbYc5UkatpQu_jTHDmgAAAFU"]
• Action:
  • Intercepted: true
  • Phase: 2
  • Message: Match of "eq 0" against "REQBODY_ERROR" required.
• Handler: proxy-server
• Stopwatch:
  • p1: 771
  • p2: 36
  • p3: 0
  • p4: 0
  • p5: 255
  • sr: 201
  • sw: 1
  • l: 0
  • gc: 0
• Response Body Dechunked: true
• Producer:
  • ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/)
  • OWASP_CRS/3.3.5
• Server: Apache/2.4.57 (Unix) OpenSSL/3.0.11
• Engine Mode: ENABLED

---

@HumaLock commented on GitHub: "response":{"protocol":"HTTP/1.1","status":400,"headers":{"Content-Length":"226","Connection":"close","Content-Type":"text/html; charset=iso-8859-1"},"body":"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>400 Bad Request</title>\n</head><body>\n<h1>Bad Request</h1>\n<p>Your browser sent a request that this server could not understand.<br />\n</p>\n</body></html>\n"},"audit_data":{"messages":["JSON parsing error: parse error: client cancelled parse via callback return value\n","Access denied with code 400 (phase 2). Match of \"eq 0\" against \"REQBODY_ERROR\" required. [file \"/etc/modsecurity.d/modsecurity.conf\"] [line \"72\"] [id \"200002\"] [msg \"Failed to parse request body.\"] [data \"JSON parsing error: parse error: client cancelled parse via callback return value\\x0a\"] [severity \"CRITICAL\"]"],"error_messages":["[file \"apache2_util.c\"] [line 275] [level 3] [client 162.158.175.74] ModSecurity: JSON parsing error: parse error: client cancelled parse via callback return value\\\\n [hostname \"vaultbox.pro\"] [uri \"/api/ciphers/import\"] [unique_id \"ZU5mbYc5UkatpQu_jTHDmgAAAFU\"]","[file \"apache2_util.c\"] [line 275] [level 3] [client 162.158.175.74] ModSecurity: Access denied with code 400 (phase 2). Match of \"eq 0\" against \"REQBODY_ERROR\" required. [file \"/etc/modsecurity.d/modsecurity.conf\"] [line \"72\"] [id \"200002\"] [msg \"Failed to parse request body.\"] [data \"JSON parsing error: parse error: client cancelled parse via callback return value\\\\\\\\x0a\"] [severity \"CRITICAL\"] [hostname \"vaultbox.pro\"] [uri \"/api/ciphers/import\"] [unique_id \"ZU5mbYc5UkatpQu_jTHDmgAAAFU\"]"],"action":{"intercepted":true,"phase":2,"message":"Match of \"eq 0\" against \"REQBODY_ERROR\" required."},"handler":"proxy-server","stopwatch":{"p1":771,"p2":36,"p3":0,"p4":0,"p5":255,"sr":201,"sw":1,"l":0,"gc":0},"response_body_dechunked":true,"producer":["ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/)","OWASP_CRS/3.3.5"],"server":"Apache/2.4.57 (Unix) OpenSSL/3.0.11","engine_mode":"ENABLED"}} The same thing only in an easy to read form --- ### HTTP Response - **Protocol:** HTTP/1.1 - **Status:** 400 Bad Request - **Headers:** - Content-Length: 226 - Connection: close - Content-Type: text/html; charset=iso-8859-1 ### Response Body ```html <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>400 Bad Request</title> </head><body> <h1>Bad Request</h1> <p>Your browser sent a request that this server could not understand.<br /> </p> </body></html> ``` ### Audit Data - **Messages:** - JSON parsing error: parse error: client cancelled parse via callback return value - Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity.d/modsecurity.conf"] [line "72"] [id "200002"] [msg "Failed to parse request body."] [data "JSON parsing error: parse error: client cancelled parse via callback return value\n"] [severity "CRITICAL"] - **Error Messages:** - [file "apache2_util.c"] [line 275] [level 3] [client 162.158.175.74] ModSecurity: JSON parsing error: parse error: client cancelled parse via callback return value\n [hostname "vaultbox.pro"] [uri "/api/ciphers/import"] [unique_id "ZU5mbYc5UkatpQu_jTHDmgAAAFU"] - [file "apache2_util.c"] [line 275] [level 3] [client 162.158.175.74] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity.d/modsecurity.conf"] [line "72"] [id "200002"] [msg "Failed to parse request body."] [data "JSON parsing error: parse error: client cancelled parse via callback return value\n"] [severity "CRITICAL"] [hostname "vaultbox.pro"] [uri "/api/ciphers/import"] [unique_id "ZU5mbYc5UkatpQu_jTHDmgAAAFU"] - **Action:** - Intercepted: true - Phase: 2 - Message: Match of "eq 0" against "REQBODY_ERROR" required. - **Handler:** proxy-server - **Stopwatch:** - p1: 771 - p2: 36 - p3: 0 - p4: 0 - p5: 255 - sr: 201 - sw: 1 - l: 0 - gc: 0 - **Response Body Dechunked:** true - **Producer:** - ModSecurity for Apache/2.9.7 (http://www.modsecurity.org/) - OWASP_CRS/3.3.5 - **Server:** Apache/2.4.57 (Unix) OpenSSL/3.0.11 - **Engine Mode:** ENABLED ---

OVERLORD commented 2025-10-09 16:43:53 +03:00

Author

Owner

Copy Link

@HumaLock commented on GitHub:

I can provide any logs to help solve the problem. And participate in the analysis

@HumaLock commented on GitHub: I can provide any logs to help solve the problem. And participate in the analysis

OVERLORD commented 2025-10-09 16:43:53 +03:00

Author

Owner

Copy Link

@BlackDex commented on GitHub:

This doesn't look like a Vaultwarden error too me.
What do the Vaultwarden logs say?

This more looks like a middleware issue too me.

@BlackDex commented on GitHub: This doesn't look like a Vaultwarden error too me. What do the Vaultwarden logs say? This more looks like a middleware issue too me.

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

main

test_dylint

1.34.3

1.34.2

1.34.1

1.34.0

1.33.2

1.33.1

1.33.0

1.32.7

1.32.6

1.32.5

1.32.4

1.32.3

1.32.2

1.32.1

1.32.0

1.31.0

1.30.5

1.30.4

1.30.3

1.30.2

1.30.1

1.30.0

1.29.2

1.29.1

1.29.0

1.28.1

1.28.0

1.27.0

1.26.0

1.25.2

1.25.1

1.25.0

1.24.0

1.23.1

1.23.0

1.22.2

1.22.1

1.22.0

1.21.0

1.20.0

1.19.0

1.18.0

1.17.0

1.16.3

1.16.2

1.16.1

1.16.0

1.15.1

1.15.0

1.14.2

1.14.1

1.14

1.13.1

1.13.0

1.12.0

1.11.0

1.10.0

1.9.1

1.9.0

1.8.0

1.7.0

1.6.1

1.6.0

1.5.0

1.4.0

1.3.0

1.2.0

1.1.0

1.0.0

0.13.0

0.12.0

0.11.0

0.10.0

0.9.0

Labels

Clear labels

better for forum

bug

bug

bug

documentation

duplicate

enhancement

future Vault

good first issue

help wanted

low priority

notes

pull-request

Mirrored from GitHub Pull Request

question

SSO

Third party

troubleshooting

troubleshooting

wontfix

No Label

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

OVERLORD

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: starred/vaultwarden#650