ModSecurity reports a 403 in the log but does not block the request

Date: 2017-05-02 23:23:48

Tags: apache mod-security2

See the log below. Even though the rule matches, it does not block the request. Let me know if I am missing anything.

Thanks.

--b8246541-A--
[02/May/2017:22:47:47 +0000] WQkMkn8AAAEAAEQeufQAAAAC 192.168.34.199 10787 192.168.34.202 80
--b8246541-B--
GET /index.php?action=&type=view&s=&id=-1%27%20union%20select%200,concat(char(85),char(115),char(101),char(114),char(110),char(97),char(109),char(101),char(58),name,char(32),char(124),char(124),char(32),char(80),char(97),char(115),char(115),char(119),char(111),char(114),char(100),char(58),pass),0,0,0,0,0%20from%20phpdesk_admin/* HTTP/1.1
host: AAAAAAAAAA
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Encoding: gzip, deflate, sdch, br
Accept-Language: en-US,en;q=0.8
Authorization: Basic bWFya2V0aW5nOkYwciBFDG5t
Cache-Control: max-age=0
Cookie: PHPSESSID=b840n9idrvev95tce36o43o3o3;
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.81 Safari/537.36
X-Forwarded-For: 174.46.33.1
X-Forwarded-Port: 443
X-Forwarded-Proto: https
Connection: keep-alive

--b8246541-F--
HTTP/1.1 200 OK
X-Frame-Options: DENY
Last-Modified: Tue, 02 May 2017 15:47:46 -0700
Expires: Tue, 02 May 2017 23:47:47 +0000
Vary: Accept-Encoding
Content-Encoding: gzip
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Set-Cookie: stat_auth_cookie=; path=/; expires=Tue, 02-May-2017 22:46:06 UTC; HTTPOnly; Secure
Cache-Control: max-age=0, private, no-store, no-cache, must-revalidate
Content-Length: 12486
Connection: close
Content-Type: text/html

--b8246541-H--
Message: Access denied with code 403 (phase 2). Pattern match "(/\*!?|\*/|[';]--|--[\s\r\n\v\f]|(?:--[^-]*?-)|([^\-&])#.*?[\s\r\n\v\f]|;?\x00)" at ARGS:id. [file "/usr/share/modsecurity-crs/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: /* found within ARGS -1' union select 0,concat(char(85),char(115),char(101),char(114),char(110),char(97),char(109),char(101),char(58),name,char(32),char(124),char(124),char(32),char(80),char(97),char(115),char(115),char(119),char(111),char(114),char(100),char(58),pass),0,0,0,0,0 from phpdesk_admin/*"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"]
Apache-Error: [file "mod_access_compat.c"] [line 352] [level 3] AH01797: client denied by server configuration: %s%s
Apache-Error: [file "mod_access_compat.c"] [line 352] [level 3] AH01797: client denied by server configuration: %s%s
Apache-Error: [file "mod_access_compat.c"] [line 352] [level 3] AH01797: client denied by server configuration: %s%s
Action: Intercepted (phase 2)
Apache-Handler: php5-script
Stopwatch: 1493765266751424 968086 (- - -)
Stopwatch2: 1493765266751424 968086; combined=1097, p1=300, p2=740, p3=0, p4=0, p5=57, sr=66, sw=0, l=0, gc=0
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.9.
Server: Apache
Engine-Mode: "ENABLED"

--b8246541-Z--

Related question: https://serverfault.com/questions/549640/mod-security-not-actually-blocking-requests-despite-rule-trigger-returning-403

The above did not help.

My default configuration only has

SecDefaultAction "phase:1,deny,log"

I tried adding this, but it had no effect on blocking the request.

SecDefaultAction "phase:2,log,auditlog,deny,status:403"
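The log above is internally inconsistent: section H records "Access denied with code 403" and "Action: Intercepted", yet section F shows the response that actually went out was "HTTP/1.1 200 OK". The following is an added example, not code from the question or from ModSecurity: a small Python parser for the native (serial) audit-log format shown above that flags every transaction where the H section claims a block but the F section recorded a different status. The sample entry is constructed from the post with the request and headers shortened.

```python
import re

# Constructed sample in ModSecurity's native audit-log format, modelled on the
# entry in the question (request trimmed, headers shortened); not a real capture.
SAMPLE_LOG = """--b8246541-A--
[02/May/2017:22:47:47 +0000] WQkMkn8AAAEAAEQeufQAAAAC 192.168.34.199 10787 192.168.34.202 80
--b8246541-B--
GET /index.php?action=&type=view&id=-1%27%20union%20select%200/* HTTP/1.1
host: AAAAAAAAAA
--b8246541-F--
HTTP/1.1 200 OK
Content-Type: text/html
--b8246541-H--
Message: Access denied with code 403 (phase 2). Pattern match "..." at ARGS:id. [id "981231"] [msg "SQL Comment Sequence Detected."]
Action: Intercepted (phase 2)
Engine-Mode: "ENABLED"
--b8246541-Z--
"""

BOUNDARY = re.compile(r"^--([0-9a-zA-Z]+)-([A-Z])--$", re.M)  # --<txn id>-<section>--

def parse_entries(text):
    """Split a native-format audit log into {transaction_id: {section_letter: body}}."""
    entries = {}
    marks = list(BOUNDARY.finditer(text))
    for i, m in enumerate(marks):
        end = marks[i + 1].start() if i + 1 < len(marks) else len(text)
        body = text[m.end():end].strip("\n")
        entries.setdefault(m.group(1), {})[m.group(2)] = body
    return entries

def check_entry(sections):
    """Compare what section H claims (deny code, Intercepted) with section F's status line."""
    b = sections.get("B", "")
    h = sections.get("H", "")
    deny = re.search(r"Access denied with code (\d{3})", h)
    status = re.match(r"HTTP/\d\.\d (\d{3})", sections.get("F", ""))
    info = {
        "request_line": b.splitlines()[0] if b else "",
        "denied_code": int(deny.group(1)) if deny else None,
        "intercepted": "Action: Intercepted" in h,
        "actual_status": int(status.group(1)) if status else None,
    }
    # The symptom in the question: the engine logged a 403 interception, but the
    # response Apache actually sent (section F) carried a different status code.
    info["mismatch"] = (info["intercepted"] and info["denied_code"] is not None
                        and info["actual_status"] != info["denied_code"])
    return info

def find_mismatches(text):
    """Transactions whose audit entry claims a block that the recorded response contradicts."""
    return {tid: info for tid, s in parse_entries(text).items()
            if (info := check_entry(s))["mismatch"]}
```

Running `find_mismatches` over a real audit log gives a quick count of how many "blocked" transactions were in fact served, which is the first thing to establish before changing SecDefaultAction.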

0 answers:

No answers