mod_security / Atomicorp Basic WAF:POST中的URI
[英]mod_security / Atomicorp Basic WAF: URI in POST
问题描述
I use mod_security with the WAF Basic Rules by Atomicorp.com on my Apache webserver. 
我在我的Apache网络服务器上使用mod_security和Atomicorp.com的WAF基本规则。 It prevents me from doing a POST of a form, containing an URI. 它阻止我对包含URI的表单进行POST。
For example, if I POST https://example.com/demo via form, there a 403 Forbidden error occures. 例如,如果我通过表单发布https://example.com/demo ,则会出现403 Forbidden错误。
This is my Apache log file: 这是我的Apache日志文件:
"/etc/httpd/conf/modsecurity.d/rules/tortix/modsec/50_plesk_basic_asl_rules.conf"] [line "207"] [id "340162"] [rev "294"] [msg "Protected by Atomicorp.com Basic Non-Realtime WAF Rules: URL detected as argument, possible RFI attempt detected"] [data "%TX:1,TX:1"] [severity "CRITICAL"] [hostname "*****.de"] [uri "/admin/"] [unique_id "*****"]
Can I just deactivate the rule with the ID 340162 or is there any other solution (maybe even without JavaScript)? 我可以使用ID 340162停用规则,还是有其他解决方案(甚至可能没有JavaScript)? I do not think that this rule is very important for me, because I am not a beginner programmer and does not have any eval(file_get_contents($_GET['url'])); 我不认为这条规则对我来说非常重要,因为我不是初学程序员,也没有任何eval(file_get_contents($_GET['url'])); or something other of this sort in my code ;-) 或者我的代码中的其他类似东西;-)
1 个解决方案
解决方案1
2 2017-07-03 14:35:12
在Plesk 12中,您可以转到Tools & Settings > Web Application Firewall (ModSecurity)并在Security rule IDs旁边插入rule_id 340162(在Switch off security rules下面)。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.