Bug - Can't upload large Compliance Packages

JonR · January 9, 2024, 12:27am

Hiya, I’m trying to upload the NIST SP 800-53v5 CSV that I’ve downloaded from ermaba.org, but it fails without an obvious error message, the screen just stays grey.

In Chrome’s dev tools I can see that the upload script gives a 403 forbidden:
https://eramba.example.com/compliance-import/upload/CompliancePackageItems?modalId=1

I was able to upload the NIST CSF CSV fine, but it’s only 98 rows whereas the SP800 is 1,200 rows. Also when I take the first 10 or so rows and up them in another CSV file, they will import fine.

So I’m guessing it’s a size issue somewhere, the CSV file is only 1MB, so I doubt it’s that, I’ve looked at docker top and it doesn’t seem to have any RAM or CPU issues. The logs don’t show any reason for this either.

Running the latest version of Eramba, no errors on the debug page. Plenty of disk space, 4GB RAM & 10GB of Swap.

sam · January 9, 2024, 11:43am

Hello Jon,

Can you share logs from docker and eramba and send them to support@eramba.org?
Regarding the error, is there something in front of the eramba? Proxy or load balancer that can be blocking or timeouting?

JonR · January 9, 2024, 10:47pm

Thanks for that - the combination of your thoughts about the proxy and the fact there is nothing in the Eramba logs made me realise that it was the Cloudflare proxy that was causing the issue. When we went direct we were able to upload the larger package.

Thanks!