mod-security2

问题 If mod_security is set to ON for the whole website, is there a way I can set specific pages to detection_only? Use case is that the application is used to configure websites, and use of CSS or js is very common, but very likely to make modsecurity throw an XSS rule exception. I'd like to detect those exceptions but not block them, on those pages only. However on all other pages I want rule exceptions to block. More gritty detail: The application is actually an IIS application running on

问题 If mod_security is set to ON for the whole website, is there a way I can set specific pages to detection_only? Use case is that the application is used to configure websites, and use of CSS or js is very common, but very likely to make modsecurity throw an XSS rule exception. I'd like to detect those exceptions but not block them, on those pages only. However on all other pages I want rule exceptions to block. More gritty detail: The application is actually an IIS application running on

问题 Receiving this ModSecurity error: ModSecurity: collection_store: Failed to write to DBM file "/tmp/default_SESSION": Invalid argument There is not a Rule ID associated with this error. I know I can disable by rule id using SecRuleRemoveById xxxxxx How can I disable writing to DBM file and/or locating the rules that are specifically causing this error? 回答1: Collections are initialised by rules 900020 and 900021 in the OWASP CRS in the modsecurity_crs_10_setup.conf file. They are primarily used

问题 Receiving this ModSecurity error: ModSecurity: collection_store: Failed to write to DBM file "/tmp/default_SESSION": Invalid argument There is not a Rule ID associated with this error. I know I can disable by rule id using SecRuleRemoveById xxxxxx How can I disable writing to DBM file and/or locating the rules that are specifically causing this error? 回答1: Collections are initialised by rules 900020 and 900021 in the OWASP CRS in the modsecurity_crs_10_setup.conf file. They are primarily used

问题 I want to disable this rule: [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: - found within ARGS:customize_changeset_uuid: a507417f-75f3-434e-ac8c-90b21b3b164d"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] For the directory /var/www

问题 Closed. This question is off-topic. It is not currently accepting answers. Want to improve this question? Update the question so it's on-topic for Stack Overflow. Closed 5 years ago . I am new to mod security and was able to install it on my servers. However after its installation the website hosted is breaking up. After tracing the issue I was able to figure out that its not allowing me to pass url as a paramater in php code. eg: xyz.php?url= http://www.example.com/img/abc.jpg&param2=xyz Can

问题 I have a PHP script which handles callbacks from a payment processor. If the querystring 'result' contains double dashes followed by a single, we are getting a 403, e.g. /index.php?result=A--B- (returns 403) /index.php?result=A-B- (is OK) /index.php?result=A-B-- (is OK) /index.php?result=A--B (is OK) /index.php?result=A---B (returns 403) /index.php?result=A-B-C- (is OK) For this site, there are no rewrite rules in .htaccess or apache config . Loaded modules are as follows: core prefork http

问题 I need to block the GET request for a certain URI path. I'm using anomaly mode, but im using a straight block rule, I cannot get the rule to work properly example GET /secure/test/bla/bla/ example https://bla.bla.com/secure/test/bla/bla?www.test.com SecRule REQUEST_URI "@streq \/secure\/test\/bla\/bla\?.+" \ "phase:1,id:92,t:none,t:urlDecode,t:lowercase,t:normalizePath,deny,status:403,msg:'403 Access Denied',chain" SecRule REQUEST_METHOD "@streq post" "t:none,t:lowercase" Can I write this

问题 I have installed Mod Security using the following instructions: https://www.digitalocean.com/community/tutorials/how-to-set-up-modsecurity-with-apache-on-ubuntu-14-04-and-debian-8 It seems to be working fine, but I don't seem to be able to create exceptions for example for the WordPress login. I have added the following to my virtualhost file: <Directory "/var/www/domain.com/public_html/wp-admin"> <IfModule security2_module> SecRuleEngine Off </IfModule> </Directory> I have also tried the

问题 I just installed mod_security on my Apache2 web server. I activated all of the base_rules/ from OWASP CRS. I found a false positive by looking inside of /var/log/apache2/modsec_audit.log . The target URL is: /mobile//index.cfm?gclid=Cj0KEQjw_qW9BRCcv-Xc5Jn-26gBEiQAM-iJhcydtemGoKm4rCJ7gbEgz5qL-MXF0tMh5BkaxVPZPYwaAvhW8P8HAQ The error log is: Message: Warning. Pattern match "([\~\!\@\#\$\%\^\&\*\(\)\-\+\=\{\}\[\]\|\:\;\"\'\\xc2\xb4\\xe2\x80\x99\\xe2\x80\x98\`\<\>].*?){4,}" at ARGS:gclid. [file "