mod-security | 易学教程

Webpage returning HTTP 406 error only when connecting from Qt

阅读更多关于 Webpage returning HTTP 406 error only when connecting from Qt

问题 I have a test page setup at http://mlecturedownload.com/test-qt.php that has the following code: <?php $foo = $_GET['foo']; if ($foo == "0" || $foo == "1") { echo $foo; } else { echo "Invalid foo"; } Going to this page in a web browser and modifying the value of foo works fine, and using curl works fine as well. But when I send a request from Qt I get an HTTP 406 error code, which means "Not acceptable". Here is how I make the request: void MainWindow::on_send_clicked() { QString url = "http:

SSL slow. Establishing secure connection taking too long

阅读更多关于 SSL slow. Establishing secure connection taking too long

问题 I have a dedicated server with 256GB RAM 6 CPUs (12 Threads) on Hetzner, and it is located in Germany. I have CENTOS 7.5 . EA4 . My problem is with SSL. Every day for about 2 hours , we have 40 requests in one second and finishing requests takes about 20 seconds . Non-SSL takes 0.5 or less. Here is an example. From 13:00 to 15:30 (UTC+4) , SSL requests take the most time. The problem is evident when you open this link with SSL and without. I have WHM available. I've noticed ModSecurity and

Detect if Mod_Security Is Installed With PHP?

阅读更多关于 Detect if Mod_Security Is Installed With PHP?

问题 Is there any simple way to detect if mod_security is installed & enabled using just PHP? Ideally without any exec() terminal type commands to be executed. Some people have recommended using apache_get_modules() but this specific web-host does not allow it to show. This is also mentioned by other users here: http://www.devcomments.com/apache_get_modules-solution-to130703.htm 回答1: Try the apache_get_modulesfunction to get an array of the loaded modules. If that module is loaded but not listed

SSL slow. Establishing secure connection taking too long

阅读更多关于 SSL slow. Establishing secure connection taking too long

I have a dedicated server with 256GB RAM 6 CPUs (12 Threads) on Hetzner, and it is located in Germany. I have CENTOS 7.5 . EA4 . My problem is with SSL. Every day for about 2 hours , we have 40 requests in one second and finishing requests takes about 20 seconds . Non-SSL takes 0.5 or less. Here is an example. From 13:00 to 15:30 (UTC+4) , SSL requests take the most time. The problem is evident when you open this link with SSL and without. I have WHM available. I've noticed ModSecurity and wonder if it might be the problem. I've applied most of the settings provided here , but there is not

mod_security: A rule to allow POST requests without a request body

阅读更多关于 mod_security: A rule to allow POST requests without a request body

问题 I have Apache 2.4 and mod_security 2.9.1 installed, and it is working, with some very basic rules. I am trying to make a POST request that includes some header information, but doesn't have anything in the request body (the request is to an API endpoint which is being protected by mod_security, and that endpoint requires a POST without the request body). A POST that doesn't require a body is valid, per the following: Are PUT and POST requests required/expected to have a request body? mod

modsecurity create rule disable GET request

阅读更多关于 modsecurity create rule disable GET request

问题 I want to create a mod security2x rule that will block the GET request to a specific URL. for example I want to block the URL with the GET in the header: 'www.test.com' I've never made a rule within modsecurity, and not sure this will work with anomaly detection mode. This would be an example of the GET request: GET/secure/bla/test/etc/ This is what I have so far: SecRule ARGS "www.test.com" phase:2,log,deny,id:'1234',msg:'403 Access Denied' 回答1: You want something like this: SecRule REQUEST

mod_security: A rule to allow POST requests without a request body

阅读更多关于 mod_security: A rule to allow POST requests without a request body

I have Apache 2.4 and mod_security 2.9.1 installed, and it is working, with some very basic rules. I am trying to make a POST request that includes some header information, but doesn't have anything in the request body (the request is to an API endpoint which is being protected by mod_security, and that endpoint requires a POST without the request body). A POST that doesn't require a body is valid, per the following: Are PUT and POST requests required/expected to have a request body? mod_security is blocking the request because it seems that it can't parse/format the body (likely because it

Facebook links to my site resolve as 403 forbidden

阅读更多关于 Facebook links to my site resolve as 403 forbidden

Hi I'm experiencing a super weird problem. Whenever I post links to my website on Facebook, they come up as Forbidden. The site itself works great and I have no seen this when linking on other sites. Could this be a server misconfiguration? Any thoughts on where to look? here's some Info: I have a dedicated server running WHM 11.25.0 i have 2 sites hosted here using cPanel 11.25.0 the error msg: Forbidden You don't have permission to access /blog/deepwater-horizon-11/ on this server. Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.

Mod Security response/request body size?

阅读更多关于 Mod Security response/request body size?

问题 How do I get the size of the response/request body in Mod Security? I keep getting this error for example: [Mon Sep 17 23:34:38 2012] [error] [client 192.168.1.1] ModSecurity: Output filter: Response body too large (over limit of 1000, total not specified). [hostname "example.com"] [uri "/index.php"] [unique_id "asdf"] It's not telling me the total; how can I figure the total out? 回答1: Take a look at the SecResponseBodyLimit docs: SecResponseBodyLimit Description: Configures the maximum

Mod_security is sometimes blocking my ajax script - how can I find out why?

阅读更多关于 Mod_security is sometimes blocking my ajax script - how can I find out why?

I've built some kind of CMS application using php and mysql. Everything has worked perfectly on localhost, so I've moved it to the web. Now I'm experiencing strange problems when someone is adding new article. Sometimes it just gets added normally, and sometimes the user get's this error: Not Acceptable An appropriate representation of the requested resource /path_to/file.php could not be found on this server. After some time on Google, I've found out that mod_security is blocking my script (or something like that). Is there any way that I can see why it is blocking my script? I'm not very