这个正则表达式 mod_security 规则在做什么?
我一生都无法阅读正则表达式。
有人能花点时间帮我弄清楚为什么 mod_security 在我的主机上次更新时突然被触发吗?
我收到此 mod_security 错误:
消息:访问被拒绝,代码为 406(第 2 阶段)。模式匹配 "
\b(\d+) ?= ?\1\b|[\'"](\w+)[\'"] ?= ?[\'"]\2\b” at REQUEST_HEADERS:Cookie。[文件“/usr/local/apache/conf/modsec2.user.conf”] [行“94”] [id“959901”] [msg“SQL注入攻击”] [数据“1=1”][严重性“CRITICAL”][标签“WEB_ATTACK/SQL_INJECTION”]
以下是生成此错误的记录 cookie 之一:
Cookie:pmr=9d800ab159baf3962d1c777225b4b632; pmr_referrer=http%3A%2F%2Frateyourmusic.com%2Fadmin%2Fcoraq%2F%3F1%3D1%26status%3Dw%26show%3D10%26start%3D7020; __utma=229707933.920390620.1326769663.1326769663.1326769663.1; __utmb=229707933.1.10.1326769663; __utmc=229707933; __utmz=229707933.1326769663.1.1.utmcsr=rateyourmusic.com|utmccn=(referral)|utmcmd=referral|utmcct=/admin/corq/
这是因为“admin”在 cookie 中而触发吗???
这是另一个...
Cookie:ui-tabs-1=1; superBAGUS=af14474b9bcc7ec3ae436e58ba172520; superBAGUS_referrer=...; superBAGUS_admin=2%3A747167a9cd89703dbfafe3c7a5c523b4; acco=acco_1; superBAGUS_adviews=.2576.2580.; __utma=10910262.1479346800.1326871079.1326871079.1326873539.2; __utmb=10910262.10.8.1326873800604; __utmc=10910262; __utmz=10910262.1326871079.1.1.utmcsr=(直接)|utmccn=(直接)|utmcmd=(无)
这是因为“ui-tabs-1=1”看起来像 1=1 注入而触发吗???
这个模式匹配到底是什么?
I can't read regex for the life of me.
Anyone got a sec to help me figure out why mod_security is getting triggered all of a sudden with my hosts last update?
I'm getting this mod_security error:
Message: Access denied with code 406 (phase 2). Pattern match "
\b(\d+) ?= ?\1\b|[\'"](\w+)[\'"] ?= ?[\'"]\2\b" at REQUEST_HEADERS:Cookie. [file "/usr/local/apache/conf/modsec2.user.conf"] [line "94"] [id "959901"] [msg "SQL Injection Attack"] [data "1=1"] [severity "CRITICAL"] [tag "WEB_ATTACK/SQL_INJECTION"]
Here is one of the cookies logged that generated this error:
Cookie: pmr=9d800ab159baf3962d1c777225b4b632;
pmr_referrer=http%3A%2F%2Frateyourmusic.com%2Fadmin%2Fcoraq%2F%3F1%3D1%26status%3Dw%26show%3D10%26start%3D7020;
__utma=229707933.920390620.1326769663.1326769663.1326769663.1; __utmb=229707933.1.10.1326769663; __utmc=229707933; __utmz=229707933.1326769663.1.1.utmcsr=rateyourmusic.com|utmccn=(referral)|utmcmd=referral|utmcct=/admin/corq/
Is this triggering because "admin" is in the cookie???
Here's another ...
Cookie: ui-tabs-1=1; superBAGUS=af14474b9bcc7ec3ae436e58ba172520;
superBAGUS_referrer=...;
superBAGUS_admin=2%3A747167a9cd89703dbfafe3c7a5c523b4; acco=acco_1;
superBAGUS_adviews=.2576.2580.;
__utma=10910262.1479346800.1326871079.1326871079.1326873539.2; __utmb=10910262.10.8.1326873800604; __utmc=10910262; __utmz=10910262.1326871079.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)
Is this triggering because "ui-tabs-1=1" looks like a 1=1 injection???
What exactly is this pattern matching on?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
正则表达式与第一个模式不匹配,所以我不知道可能出了什么问题。
但它确实与第二个模式的
1=1部分匹配,因此您的假设是正确的。正则表达式的解释:
The regex doesn't match the first pattern, so I can't tell what might be wrong.
But it does match the
1=1section of the second pattern, so your assumption is correct.Explanation of the regex: