I had the problem that since I had activated ModSecurity, my Nextcloud instance no longer worked.
A lot of searching on the internet did not find a solution. Also the deactivation of various rules in Mod Security was only of moderate success.
Until I finally found the right solution.
One must in the file
/usr/local/lsws/conf/modsec/owasp-modsecurity-crs-3.0-master/crs-setup.conf
re-enable an uncommented paragraph. This is specifically to make WebDAV run with ModSecurity.
Turns off:
HTTP methods that a client is allowed to use.
Default: GET HEAD POST OPTIONS
Example: for RESTful APIs, add the following methods: PUT PATCH DELETE
**# Example: for WebDAV, add the following methods: CHECKOUT COPY DELETE LOCK
MERGE MKACTIVITY MKCOL MOVE PROPFIND PROPPATCH PUT UNLOCK**
Uncomment this rule to change the default.
#SecAction \
"id:900200,\
phase:1,\
nolog,\
pass,\
t:none,\
setvar:‘tx.allowed_methods=GET HEAD POST OPTIONS’"
to:
SecAction
“id:900200,
phase:1,
nolog,
pass,
t:none,
setvar:‘tx.allowed_methods=GET HEAD POST OPTIONS CHECKOUT COPY DELETE LOCK MERGE MKACTIVITY MKCOL MOVE PROPFIND PROPPATCH PUT UNLOCK REPORT SEARCH’”
and it will work.
I found it there: mod_security Anpassungen für Nextcloud LBM Services - Web-Development