mod_security - some IE visitors get access denied with 406
Would anyone know why some visitors on our server are being blocked by the below mod_security rule when simply right-clicking a file (.doc, .gif, .pdf, etc.) on a site to download it? They seem to be all Windows/IE users.
Anything we can do short of commenting out the rule itself?
Thanks for any ideas.
# allow request methods
SecRule REQUEST_METHOD "!^((?:(?:POS|GE)T|OPTIONS|HEAD))$" \
    "phase:1,log,auditlog,msg:'Method is not allowed by policy',severity:'2',id:'960032'"
I found this similar issue but with no resolution: IE Sending OPTIONS Request for File Downloads
Thanks for any ideas.
Edit: I think we found the culprit. Here's an item from the log of the person who was blocked:
- [10/Sep/2010:19:32:39 -0400] "PROPFIND /dd_sitefiles/documents/logos/POC_logo_NationalE.gif HTTP/1.1" 406 5636 "-" "Microsoft-WebDAV-MiniRedir/6.1.7600"
Since PROPFIND is not included in our request methods, it's generating the 406 error. So the follow-up question would be - should we just add that to the rule? What are the security implications? Is there something we can add to prevent issues around "DavDepthInfinity" as described here, or is this a lot of worry for little potential risk?
http://httpd.apache.org/docs/2.0/mod/mod_dav.html#davdepthinfinity
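One way to handle the follow-up question, as an added example that is not part of the original post: rather than adding PROPFIND to the allowed-method regex outright, let it through only for the document tree the Mini-Redirector probes and only when the client states a bounded Depth, so the Depth: infinity concern from the mod_dav docs stays covered (mod_dav itself defaults to DavDepthInfinity off). Assumes ModSecurity 2.x rule syntax; the /dd_sitefiles/ prefix is taken from the log line above, while the rule ids 1000100 and the marker name END_METHOD_POLICY are chosen for this example.

```apache
# Added example, not the poster's configuration. Place before the existing
# rule 960032 (repeated below, unchanged, to show the ordering).

# PROPFIND is only allowed when all three chained conditions hold:
#   1. the method is PROPFIND,
#   2. the request is under the shared-document tree (assumed path),
#   3. a Depth header is present and is 0 or 1.
# RFC 4918 treats a missing Depth header as "infinity", so requiring the
# header to be present is what keeps unbounded collection walks out.
# The skipAfter on the chain starter only fires when the whole chain matches;
# any PROPFIND that fails a condition falls through to rule 960032 as before.
SecRule REQUEST_METHOD "@streq PROPFIND" \
    "phase:1,id:'1000100',t:none,nolog,pass,skipAfter:END_METHOD_POLICY,chain"
    SecRule REQUEST_URI "@beginsWith /dd_sitefiles/" "t:none,chain"
        SecRule REQUEST_HEADERS:Depth "^[01]$" "t:none"

# The poster's original policy rule; every other method still hits it and is
# denied via SecDefaultAction (which is where the 406 comes from).
SecRule REQUEST_METHOD "!^((?:(?:POS|GE)T|OPTIONS|HEAD))$" \
    "phase:1,log,auditlog,msg:'Method is not allowed by policy',severity:'2',id:'960032'"

SecMarker END_METHOD_POLICY
```

Check the audit log after deploying: a Mini-Redirector PROPFIND on a file under /dd_sitefiles/ with Depth: 0 should now return the file's properties, while a PROPFIND with no Depth header or Depth: infinity still logs against 960032.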