Removing modsecurity rules via .htaccess
I get a 500 Internal Server Error when trying to save a file with some text that may resemble an SQL query. So ModSecurity is blocking it:
[client xxx.xxx.xxx.xxx] ModSecurity: Access denied with code 500 (phase 2). Pattern match "(insert[[:space:]]+into.+values|select.*from.+[a-z|A-Z|0-9]|select.+from|bulk[[:space:]]+insert|union.+select|convert.+\\\\(.*from)" at ARGS:description. [file "/usr/local/apache/conf/modsec2.user.conf"] [line "359"] [id "300016"] [rev "2"] [msg "Generic SQL injection protection"] [severity "CRITICAL"] [hostname "xxxxxxxxxxxxx.net"] [uri "/app/3/admin/modules/product/product_a.php"] [unique_id "TzvCxkPj2kkAAH4WkMwAAAAE"]
So I created an .htaccess file in the folder /app/3/admin/modules/product/
<IfModule mod_security.c>
SecFilterRemove 300015
SecFilterRemove 300016
</IfModule>
But this is not solving the issue either. I am still getting a 500 code with log entries in Apache's log file.
Any idea why this may not be working?
Is it really the saving of the file that is the problem? I find it hard to imagine, seeing as that isn't Apache's jurisdiction at all. Isn't it rather the query being in a query string that is causing trouble?
You might be able to circumvent that e.g. by base64 encoding the query (if the 33% size increase doesn't test the URL's size limits), or storing the query in a session variable and passing only a unique random key pointing to the variable.
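
An added example, not part of the original thread: the logged rule file is modsec2.user.conf, and ModSecurity 2.x is loaded as mod_security2.c and uses SecRuleRemoveById / SecRuleUpdateTargetById, so a 1.x-style `<IfModule mod_security.c>` block with SecFilterRemove is skipped. The sketch below parses the fields of such a log entry and emits an exclusion limited to the logged URI and argument; the function names and the shortened sample line are constructed for illustration, and it assumes ModSecurity 2.6 or later with the output placed in the server or virtual-host configuration.

```python
import re

# Constructed sample modelled on the log entry in the question
# (documentation IP, pattern text shortened).
SAMPLE = ('[client 192.0.2.10] ModSecurity: Access denied with code 500 (phase 2). '
          'Pattern match "(select.+from)" at ARGS:description. '
          '[file "/usr/local/apache/conf/modsec2.user.conf"] [line "359"] '
          '[id "300016"] [rev "2"] [msg "Generic SQL injection protection"] '
          '[severity "CRITICAL"] [uri "/app/3/admin/modules/product/product_a.php"]')

FIELD_RE = re.compile(r'\[(\w+) "((?:[^"\\]|\\.)*)"\]')      # [key "value"] pairs
TARGET_RE = re.compile(r'\bat ([A-Z_]+(?::[^\s.\]]+)?)\.')   # e.g. "at ARGS:description."

def parse_denial(line):
    """Return the bracketed fields of a denial entry plus the matched variable."""
    if "ModSecurity:" not in line:
        raise ValueError("not a ModSecurity error-log entry")
    fields = dict(FIELD_RE.findall(line))
    target = TARGET_RE.search(line)
    fields["target"] = target.group(1) if target else None
    for key in ("id", "uri"):
        if key not in fields:
            raise ValueError(f"missing [{key}] field")
    if not fields["id"].isdigit():
        raise ValueError("rule id is not numeric")
    return fields

def scoped_exclusion(fields):
    """Build a ModSecurity 2.x exclusion that applies only to the logged URI."""
    if fields["target"]:
        # Narrowest option: keep the rule active, stop inspecting one argument.
        directive = f'SecRuleUpdateTargetById {fields["id"]} "!{fields["target"]}"'
    else:
        # Fallback: drop the rule for this URI only.
        directive = f'SecRuleRemoveById {fields["id"]}'
    location = "^" + re.escape(fields["uri"]) + "$"
    return "\n".join([
        "<IfModule mod_security2.c>",
        f'  <LocationMatch "{location}">',
        f"    {directive}",
        "  </LocationMatch>",
        "</IfModule>",
    ])

if __name__ == "__main__":
    print(scoped_exclusion(parse_denial(SAMPLE)))
```

The generated block has to be loaded after the file that defines the rule, because the exclusion directives only affect rules that are already known at that point.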