[英]mod_security / Atomicorp Basic WAF: URI in POST
I use mod_security
with the WAF Basic Rules by Atomicorp.com on my Apache webserver. 我在我的Apache网络服务器上使用mod_security
和Atomicorp.com的WAF基本规则。 It prevents me from doing a POST of a form, containing an URI. 它阻止我对包含URI的表单进行POST。
For example, if I POST https://example.com/demo
via form, there a 403 Forbidden
error occures. 例如,如果我通过表单发布https://example.com/demo
,则会出现403 Forbidden
错误。
This is my Apache log file: 这是我的Apache日志文件:
"/etc/httpd/conf/modsecurity.d/rules/tortix/modsec/50_plesk_basic_asl_rules.conf"] [line "207"] [id "340162"] [rev "294"] [msg "Protected by Atomicorp.com Basic Non-Realtime WAF Rules: URL detected as argument, possible RFI attempt detected"] [data "%TX:1,TX:1"] [severity "CRITICAL"] [hostname "*****.de"] [uri "/admin/"] [unique_id "*****"]
Can I just deactivate the rule with the ID 340162
or is there any other solution (maybe even without JavaScript)? 我可以使用ID 340162
停用规则,还是有其他解决方案(甚至可能没有JavaScript)? I do not think that this rule is very important for me, because I am not a beginner programmer and does not have any eval(file_get_contents($_GET['url']));
我不认为这条规则对我来说非常重要,因为我不是初学程序员,也没有任何eval(file_get_contents($_GET['url']));
or something other of this sort in my code ;-) 或者我的代码中的其他类似东西;-)
在Plesk 12中,您可以转到Tools & Settings
> Web Application Firewall (ModSecurity)
并在Security rule IDs
旁边插入rule_id 340162(在Switch off security rules
下面)。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.