Can't post files larger than 24 kBytes via forms using NAT port forwarding
-
I have made a simple test page where I can post files using a standard HTML form:
<form name="AttachmentForm" id="AttachmentForm" enctype="multipart/form-data" method="post" format="HTML" action="upload.cfm">
    <input type="file" name="uploadimage" id="uploadimage" value="">
    <input type="submit" value="Upload Image" name="submit">
</form>
It's posting to a just as simple Lucee CFML script (just for testing):
<cfset savedUploadsPath = "/opt/lucee/tomcat/webapps/ROOT/files">
<cfif Not DirectoryExists( savedUploadsPath )>
    <cfset DirectoryCreate( savedUploadsPath )>
</cfif>
<cfif structKeyExists(form,"uploadimage")>
    <cffile action="upload" nameconflict="overwrite" filefield="form.uploadimage" destination="#savedUploadsPath#" result="fileresult">
<cfelse>
    No struct exists<BR>
</cfif>
<cfif isDefined("form.uploadimage") AND form.uploadimage NEQ "">
    <CFOUTPUT>
        Uploaded file <STRONG>#fileresult.ServerFile#</STRONG><BR />
        File size <STRONG>#trim(fileresult.FileSize)#</STRONG> bytes<BR />
        File overwrite="#fileresult.FileWasOverwritten#"<BR />
    </CFOUTPUT>
<cfelse>
    form.uploadimage is not defined<BR>
</cfif>
This works perfectly with no issues at all as long as I just post files smaller than approximately 25 kBytes, 'sometimes' not even that.
(Smaller than 10 kBytes always get through.) Any larger than that and I get everything from "crbug/1173575, non-JS module files deprecated." errors in the web browser console to Error 500 or sometimes nothing at all.
I know that the first response is to check the settings in the Lucee Tomcat installation (Linux Ubuntu 20.04) and add configs like:
<multipart-config>
    <max-file-size>52428800</max-file-size>
    <max-request-size>52428800</max-request-size>
    <file-size-threshold>0</file-size-threshold>
</multipart-config>
to the web.xml file and:
connectionUploadTimeout="72000000" disableUploadTimeout="false" maxPostSize="67589953" connectionTimeout="60000"
to the <Connector> in the server.xml file.
I have spent an entire weekend doing this and many many other things until I realized that it actually works perfectly with > 50 Mbytes files when I access my web server directly using the local IP address : port and not going via the pfSense firewall. (Current Base System 2.5.1)
The web server uses an SSL certificate and is listening (locally) on port 8443. The pfSense firewall has a NAT rule forwarding incoming requests to the standard SSL port 443 --> 8443. This works like a charm for the entire web site on that machine regardless of any sizes of any files, images, scripts etc.
The issue I have is only related to incoming file POSTs via forms.
I have spent hours of experimenting with different NAT reflection settings like NAT, NAT+Proxy, Disabled etc.
I have also tried with and without "Clear invalid DF bits instead of dropping the packets" for the "IP Do-Not-Fragment" compatibility.
I have tested with and without all possible combinations of checkboxes in the page
Also tried many combinations of checkboxes in the System - Advanced - Firewall & NAT page, like: "Hardware Large Receive Offloading" and others.
But the total number of combinations is almost infinite, so I need help to solve this issue.
/ Roger G
-
I've spent a couple of days figuring out a solution to my problem.
I hope that this post will spare someone else many hours of frustration. ;)
By changing the Tomcat (ver 9.0.31) server.xml settings so that the <Connector> used by my HTTPS-server uses...
protocol="org.apache.coyote.http11.Http11Nio2Protocol"
and not...
protocol="org.apache.coyote.http11.Http11NioProtocol"
... the POST of files using HTTPS (I'm using "Let's Encrypt") works perfectly!
(It seems to work with any NAT reflection combinations as well.)
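Added example, not part of the original posts: a Python probe that POSTs filler files of increasing size to the same multipart field (uploadimage), so the direct :8443 path and the forwarded :443 path can be compared and the failing size pinned down. The function names, the default sizes and the --no-verify switch are assumptions of this example.

```python
import http.client
import ssl
import sys
import uuid
from urllib.parse import urlsplit


def build_multipart(field, filename, payload):
    """Return (body, content_type) for a one-file multipart/form-data POST."""
    boundary = uuid.uuid4().hex
    head = (
        f"--{boundary}\r\n"
        f'Content-Disposition: form-data; name="{field}"; filename="{filename}"\r\n'
        "Content-Type: application/octet-stream\r\n\r\n"
    ).encode("ascii")
    tail = f"\r\n--{boundary}--\r\n".encode("ascii")
    return head + payload + tail, f"multipart/form-data; boundary={boundary}"


def post_file(url, size, field="uploadimage", timeout=30, verify_tls=True):
    """POST `size` filler bytes; return the HTTP status, or the exception name."""
    parts = urlsplit(url)
    body, ctype = build_multipart(field, f"probe_{size}.bin", b"A" * size)
    if parts.scheme == "https":
        ctx = ssl.create_default_context()
        if not verify_tls:  # direct-IP test only: the certificate name will not match
            ctx.check_hostname = False
            ctx.verify_mode = ssl.CERT_NONE
        conn = http.client.HTTPSConnection(parts.hostname, parts.port, timeout=timeout, context=ctx)
    else:
        conn = http.client.HTTPConnection(parts.hostname, parts.port, timeout=timeout)
    try:
        conn.request("POST", parts.path or "/", body=body, headers={"Content-Type": ctype})
        return conn.getresponse().status
    except (OSError, http.client.HTTPException) as exc:
        return type(exc).__name__  # e.g. a timeout or reset when the upload stalls
    finally:
        conn.close()


def probe(url, sizes=(8_000, 16_000, 24_000, 32_000, 64_000, 1_000_000), **kw):
    """Return {size: status-or-error} for one path, to compare direct vs. forwarded."""
    return {size: post_file(url, size, **kw) for size in sizes}


if __name__ == "__main__":  # usage: probe.py [--no-verify] URL [URL ...]
    verify = "--no-verify" not in sys.argv
    for url in (a for a in sys.argv[1:] if a != "--no-verify"):
        print(url, probe(url, verify_tls=verify))
```

Run it once against the direct address and once against the forwarded one; the first size whose result differs between the two paths marks the threshold.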