Cloudfare 后面的页面禁止 OWASP ModSecurity Docker 映像访问
我在反向代理模式下使用最新的 docker 镜像
我不断收到相同的消息 403 禁止,我认为原因是 ModSecurity 图像尝试使用其 ip 直接访问该站点,而不使用主机标头
我该如何解决?
I'm using the latest docker image in reverse proxy mode
I keep receiving the same message 403 forbidden, I think cause the ModSecurity image try to reach the site directly with its ip and without Host header
How can I resolve?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
您的问题可能与 NGiNX 设置的
Host标头有关。如果您连接到localhost,则传输的Host标头将为localhost,并且接收服务器很可能不接受该标头。如果这确实是您的问题,那么您可以通过显式设置
Host标头来诊断它,并查看是否可以解决问题。例如:请注意,容器的行为符合设计。但是,可以创建一个案例来支持以下情况:对代理的所有请求都使用与代理目标匹配的
Host标头。如果您认为需要,请在 GitHub 上打开问题:https://github .com/coreruleset/modsecurity-docker/issues/new。我们很乐意提供帮助。Your issue is likely with the
Hostheader that is being set by NGiNX. If you connect tolocalhost, the transmittedHostheader will belocalhostand the receiving server will most likely not accept that.If this is indeed your issue, then you can diagnose it by setting the
Hostheader explicitly, and see whether that solves it. For example:Note that the container behaves as designed. However, a case could be made to support a case where all requests to the proxy use the
Hostheader that matches the proxy target. If you feel that you need that, please open an issue on GitHub: https://github.com/coreruleset/modsecurity-docker/issues/new. We'll be happy to help.