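Apache error 403: Forbidden

Time: 2015-03-22 12:56:30

Tags: apache tomcat server

I connected Apache with Apache Tomcat, and it worked fine last night, until I tried to run the system again today and it gave me an access denied error. My Apache server's mod_security is configured with the OWASP rules. Here is the error log: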

ModSecurity: Access denied with code 403 (phase 1). Match of "within {tx.allowed_methods}" against "REQUEST_METHOD" required [file "C:/SourceCodes/Apache24/conf/owasp-modsecurity-crs-master/base_rules/modsecurity_crs_30_http_policy.conf"] [line "31"] [id "960032"] [rev "2"] [msg "Method is not allowed by policy"] [data "GET"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/METHOD_NOT_ALLOWED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "OWASP_AppSensor/RE1"] [tag "PCI/12.1"] [hostname "localhost"] [uri "/XSS_Attack_Test/"] [unique_id "VQ67McCoAWwAABg4SGoAAAA@"]  
[Sun Mar 22 20:53:05.769945 2015] [:error] [pid 6200:tid 1084] [client ::1] ModSecurity: Access denied with code 403 (phase 1). Match of "within %{tx.allowed_methods}" against "REQUEST_METHOD" required. [file "C:/SourceCodes/Apache24/conf/owasp-modsecurity-crs-master/base_rules/modsecurity_crs_30_http_policy.conf"] [line "31"] [id "960032"] [rev "2"] [msg "Method is not allowed by policy"] [data "GET"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/METHOD_NOT_ALLOWED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "OWASP_AppSensor/RE1"] [tag "PCI/12.1"] [hostname "localhost"] [uri "/favicon.ico"] [unique_id "VQ67McCoAWwAABg4SGsAAAA@"]

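2 answers:

Answer 0: (score: 0)

Just commented out some rules in the HTTP policy to make it work.

Answer 1: (score: 0)

The error log clearly indicates which rule was violated; you can see the rule ID in the log and disable it.

To disable a rule by ID, use the following snippet in mod_security.conf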

SecRuleRemoveByID 960032
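
The following is an added example, not part of the question or either answer: a small Python parser that pulls the rule ID, rejected value and URI out of ModSecurity error-log lines like the ones quoted above, so the rule that fired can be identified before deciding what to change. The sample line is constructed from the question's log format, and the `triage` heuristic and its labels are assumptions made for this example.

```python
import re

# Constructed sample in the format of the error-log lines in the question
# (file path shortened, unique_id replaced with a placeholder).
SAMPLE = (
    '[Sun Mar 22 20:53:05.769945 2015] [:error] [pid 6200:tid 1084] [client ::1] '
    'ModSecurity: Access denied with code 403 (phase 1). Match of '
    '"within %{tx.allowed_methods}" against "REQUEST_METHOD" required. '
    '[file "C:/conf/modsecurity_crs_30_http_policy.conf"] [line "31"] '
    '[id "960032"] [msg "Method is not allowed by policy"] [data "GET"] '
    '[severity "CRITICAL"] [tag "OWASP_CRS/POLICY/METHOD_NOT_ALLOWED"] '
    '[tag "WASCTC/WASC-15"] [hostname "localhost"] [uri "/favicon.ico"] '
    '[unique_id "PLACEHOLDER-UNIQUE-ID"]'
)

FIELD = re.compile(r'\[(\w+) "((?:[^"\\]|\\.)*)"\]')   # [key "value"] pairs
ACTION = re.compile(r'ModSecurity: (.+?) with code (\d{3}) \(phase (\d)\)')
CLIENT = re.compile(r'\[client ([^\]]+)\]')

def parse_line(line):
    """Return a dict for one ModSecurity error-log line, or None if it is not one."""
    if "ModSecurity:" not in line:
        return None
    head, body = line.split("ModSecurity:", 1)
    event = {"tags": []}
    for key, value in FIELD.findall(body):
        if key == "tag":
            event["tags"].append(value)      # tag repeats, keep all of them
        else:
            event.setdefault(key, value)     # first occurrence wins
    action = ACTION.search(line)
    if action:                               # absent on "Warning." lines
        event["action"] = action.group(1)
        event["status"] = int(action.group(2))
        event["phase"] = int(action.group(3))
    client = CLIENT.search(head)
    event["client"] = client.group(1) if client else None
    return event

# Assumption for this example: a method allow-list that rejects these is
# more likely unset or misloaded than intentionally strict.
ORDINARY_METHODS = {"GET", "HEAD", "POST"}

def triage(event):
    """Hypothetical triage label for a parsed event."""
    if event.get("id") == "960032" and event.get("data") in ORDINARY_METHODS:
        return "check tx.allowed_methods"
    return "review rule " + event.get("id", "unknown")

if __name__ == "__main__":
    ev = parse_line(SAMPLE)
    print(ev["id"], ev["data"], ev["uri"], "->", triage(ev))
```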