[Bug] Uploading .exe files still triggers OOM even when site-level WAF is disabled; only disabling global WAF avoids it

### Contact Information

curtion@126.com

### 1Panel Version

专业版 v2.2.2

### Problem Description

原始故障为一个反向代理网站, 但是经过我的测试直接创建一个静态网站也可以复现。

测试下来exe文件为4.8M就会直接OOM, 上传200KB的exe就正常, 猜测是服务器剩余内存大小有关系(问题复现的服务器是2G, 剩余内存300MB)。

于是我更换了一个8G服务器，发现上传exe文件时openresty从待机的18MB内存占用暴涨到850MB。

### Steps to Reproduce

1. 使用1panel创建静态网站
2. `curl.exe -v -X POST -F "file=@xxx_x64-setup.exe;type=application/octet-stream" https://xxx.xxx.xxx`
3. 发现openresty触发OOM
4. 关闭网站级WAF依然触发
5. 关闭全局WAF恢复正常

### The expected correct result

期望关闭网站WAF时恢复正常

### Related log output

```shell
OpenResty日志:

2026/06/22 11:12:39 [notice] 1#1: signal 17 (SIGCHLD) received from 167
2026/06/22 11:12:39 [alert] 1#1: worker process 167 exited on signal 9
2026/06/22 11:12:39 [notice] 1#1: start worker process 169
2026/06/22 11:12:39 [notice] 1#1: signal 29 (SIGIO) received


dmesg -T | grep -iE "killed process|oom|out of memory" | tail -20

[Mon Jun 22 11:12:36 2026] systemd invoked oom-killer: gfp_mask=0x140cca(GFP_HIGHUSER_MOVABLE|__GFP_COMP), order=0, oom_score_adj=0
[Mon Jun 22 11:12:36 2026]  oom_kill_process.cold+0xb/0x10
[Mon Jun 22 11:12:36 2026] [  pid  ]   uid  tgid total_vm      rss pgtables_bytes swapents oom_score_adj name
[Mon Jun 22 11:12:36 2026] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=init.scope,mems_allowed=0,global_oom,task_memcg=/system.slice/docker-4644ea297aabf32f64d644081eabb46832f0505df7e31648410db33fdb620c3a.scope,task=openresty,pid=94235,uid=0
[Mon Jun 22 11:12:36 2026] Out of memory: Killed process 94235 (openresty) total-vm:1150992kB, anon-rss:519068kB, file-rss:4kB, shmem-rss:496kB, UID:0 pgtables:1168kB oom_score_adj:0
```

### Additional Information

_No response_

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

[Bug] Uploading .exe files still triggers OOM even when site-level WAF is disabled; only disabling global WAF avoids it #13091

Contact Information

1Panel Version

Problem Description

Steps to Reproduce

The expected correct result

Related log output

Additional Information

Metadata

Assignees

Labels

Type

Fields

Projects

Milestone

Relationships

Development

Uh oh!

[Bug] Uploading .exe files still triggers OOM even when site-level WAF is disabled; only disabling global WAF avoids it #13091

Description

Contact Information

1Panel Version

Problem Description

Steps to Reproduce

The expected correct result

Related log output

Additional Information

Metadata

Metadata

Assignees

Labels

Type

Fields

Projects

Milestone

Relationships

Development

Issue actions