mod-security

mod_security rule 981203 false positive

你离开我真会死。 Posted on 2019-12-12 02:25:51
Question: I just installed mod_security on my Apache2 web server. I activated all of the base_rules/ from OWASP CRS. I found a false positive by looking inside of /var/log/apache2/modsec_audit.log. The target URL is: /mobile//index.cfm?gclid=Cj0KEQjw_qW9BRCcv-Xc5Jn-26gBEiQAM-iJhcydtemGoKm4rCJ7gbEgz5qL-MXF0tMh5BkaxVPZPYwaAvhW8P8HAQ The error log is: Message: Warning. Pattern match "([\~\!\@\#\$\%\^\&\*\(\)\-\+\=\{\}\[\]\|\:\;\"\'\\xc2\xb4\\xe2\x80\x99\\xe2\x80\x98\`\<\>].*?){4,}" at ARGS:gclid. [file "

mod_security rule 981172 false positive

久未见 Posted on 2019-12-11 20:12:26
Question: The mod_security configuration in Apache, on the CWP7.admin, generates a 403 access denied error when running Grav CMS: [Thu Mar 21 15:40:47.967502 2019] [:error] [pid 21727:tid 140715786946304] [client 186.67.206.59:57900] [client 186.67.206.59] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\~\\!\\@\\#\\$\\%\\^\\&\\*\\(\\)\\-\\+\\=\\{\\}\\[\\]\\|\\:\\;\"\\'\\\xc2\xb4\\\xe2\x80\x99\\\xe2\x80\x98\\`\\<\\>].*?){8,}" at REQUEST_COOKIES:grav-tabs-state. [file "/usr/local

ModSecurity: Execution phases can only be specified by chain starter rules

回眸只為那壹抹淺笑 Posted on 2019-12-11 15:59:12
Question: In modsecurity default-script: base_rules/modsecurity_crs_20_protocol_violations.conf there is a rule, 960011:
    SecRule REQUEST_METHOD "^(?:GET|HEAD)$" \
    "msg:'GET or HEAD Request with Body Content.',\
    severity:'2',\
    id:'960011',\
    ver:'OWASP_CRS/2.2.9',\
    rev:'1',\
    maturity:'9',\
    accuracy:'9',\
    phase:1,\
    block,\
    logdata:'%{matched_var}',\
    t:none,\
    tag:'OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ',\
    tag:'CAPEC-272',\
    chain"
    SecRule REQUEST_HEADERS:Content-Length "!^0?$"\
    "t:none,\
    setvar:'tx.msg=%

Apache mod_security blocking country

五迷三道 Posted on 2019-12-11 09:54:42
Question: I used this rule to block a country in Mod_security (I already configured @geoLookup with the MaxMind lite database .dat):
    # Test IP address and block by country code
    SecRule REMOTE_ADDR "@geoLookup" "phase:1,chain,id:10,drop,log,msg:'Blocking China IP Address'"
    SecRule GEO:COUNTRY_CODE "@streq CN"
But it doesn't work, no IP logged. I tried with a different country and it does not work. Any help? Thank you.
Source: https://stackoverflow.com/questions/33611280/apache-mod-security-blocking-country

ModSecurity gives Generic SQL injection protection error

你说的曾经没有我的故事 Posted on 2019-12-11 06:08:12
Question: I got this error on my cPanel server. It doesn't happen on every update, just some SQL. [Sat Mar 11 03:48:18.409435 2017] [:error] [pid 31376:tid 140202228020992] [client 180.253.119.171] ModSecurity: Access denied with code 500 (phase 2). Pattern match "((alter|create|drop)[[:space:]]+(column|database|procedure|table)|delete[[:space:]]+from|update.+set.+=)" at ARGS:description. [file "/usr/local/apache/conf/modsec2.user.conf"] [line "254"] [id "300015"] [rev "1"] [msg "Generic SQL injection

In WordPress, .php files within the theme folder do not run, but return 404 error

梦想与她 Posted on 2019-12-10 19:44:03
Question: I'm on a VPS environment so I have root access, btw. So take a look at these issues: http://www.sonikastudios.com/wp-content/themes/sonikas/scripts/timthumb.php?src=/wp-content/uploads/tedleescreenshot1.jpg&w=100&h=100&zc=1&q=100 That returns a 404 error. However, when I move timthumb.php to the root of the site, it works. I verified file/folder permissions, it's not the issue. Also, another PHP generated image that I use for Captcha is doing the same thing... So essentially it boils down to

Apache error 500 on large file uploads (mod_security)

时光总嘲笑我的痴心妄想 Posted on 2019-12-10 16:47:00
Question: As far as I've tried, none of the usual solutions works for me. Well, my problem: I'm receiving a 500 error every time I upload a "large file" (600 KB ~), with smaller images it works fine. So..., even with this (extreme) .htaccess file it keeps happening, and yes, .htaccess are active:
    upload_max_filesize = 100M
    post_max_size = 100M
    memory_limit = 128M
    max_input_time = 6000
    max_execution_time = 6000
So, I take a look at the logs and find this (is only one line, just pasted it as easy to

This error was generated by Mod_Security

空扰寡人 Posted on 2019-12-10 15:47:11
Question: Hi guys, I am running an mp3 songs download website. When I try to download a song I get this error: Not Acceptable! An appropriate representation of the requested resource could not be found on this server. This error was generated by Mod_Security. My website is http://www.playlist.pk/ and you can try it by downloading any song. Kindly inform me how I can solve this error?
Answer 1: I had bought my domain 3 months ago. Even I used to get the same error. I tried to search in Google and found .htaccess code that

ModSecurity CSRF rule alert

只愿长相守 Posted on 2019-12-10 15:25:03
Question: I have installed OWASP ModSecurity, after that all pages on my application have this rule alert. ModSecurity: Warning. Match of "eq 1" against "&ARGS:CSRF_TOKEN" required. [file "/etc/modsecurity/activated_rules/modsecurity_crs_43_csrf_protection.conf"] [line "31"] [id "981143"] [msg "CSRF Attack Detected - Missing CSRF Token."] I also tried to create a blank PHP file just to check, the same rule alert is shown. From this point I assume that the problem is not code level any more. Here is the

How to disable mod_security and mod_security2 in .htaccess

♀尐吖头ヾ Posted on 2019-12-10 14:59:53
Question: I've created a WordPress plugin which became popular but I'm getting lots of complaints that it's not working. After logging in to many users' WP websites (after asking for the admin password) I noticed that the last problem I can't easily solve is mod_security and mod_security2 blocking some AJAX requests, or .htaccess which is causing a 500 error on some configurations. So first of all, why is this piece of code causing some servers to return a 500 error: <IfModule mod_security2.c> SecRuleRemoveById