modsecurity问题......
REQUEST_METHOD测试在下面做了什么?它出现了两次。
SecRule REQUEST_METHOD“!^ OPTIONS $”“t:none”
SecRule &REQUEST_HEADERS:Accept "@eq 0" \
"chain,phase:2,skip:1,t:none,deny,log,auditlog,status:400,msg:'Request Missing an Accept Header', severity:'2',id:'960015',tag:'PROTOCOL_VIOLATION/MISSING_HEADER'"
SecRule REQUEST_METHOD "!^OPTIONS$" "t:none"
SecRule REQUEST_HEADERS:Accept "^$" \
"chain,phase:2,t:none,deny,log,auditlog,status:400,msg:'Request Missing an Accept Header', severity:'2',id:'960015',tag:'PROTOCOL_VIOLATION/MISSING_HEADER'"
SecRule REQUEST_METHOD "!^OPTIONS$" "t:none"
SecRule &REQUEST_HEADERS:User-Agent "@eq 0" \
"skip:1,phase:2,t:none,deny,log,auditlog,status:400,msg:'Request Missing a User Agent Header',id:'960009',tag:'PROTOCOL_VIOLATION/MISSING_HEADER',severity:'4'"
SecRule REQUEST_HEADERS:User-Agent "^$" \
"t:none,deny,log,auditlog,status:400,msg:'Request Missing a User Agent Header',id:'960009',tag:'PROTOCOL_VIOLATION/MISSING_HEADER',severity:'4'"
SecMarker 969999
请不要解释整件事,我可以阅读其他所有内容。看起来像REQUEST_METHOD测试,但是,某种伏都教......
顺便说一句,接受的测试是错误的。根据HTTP,Accept选项不是必需的。答案 0 :(得分:3)
虽然规则 SecRule REQUEST_METHOD“!^ OPTIONS $”“t:none”出现两次,但每次都与另一条规则链接。
Chain是ModSecurity中的一项操作,它将两个或多个规则组合在一起形成一个规则。
规则1现在是:
SecRule& REQUEST_HEADERS:接受“@eq 0”\ “链,阶段:2,跳过:1,t:无,拒绝,日志,审核日志,状态:400,消息:'请求缺少接受标头',严重性:'2',id: '960015',标签: 'PROTOCOL_VIOLATION / MISSING_HEADER'” SecRule REQUEST_METHOD“!^ OPTIONS $”“t:none”
规则2现在
SecRule REQUEST_HEADERS:接受“^ $”\ “链,阶段:2,t:无,拒绝,日志,审核日志,状态:400,消息:'请求缺少接受标头',严重性:'2',ID:'960015',标签: 'PROTOCOL_VIOLATION / MISSING_HEADER'” SecRule REQUEST_METHOD“!^ OPTIONS $”“t:none”