[英].htaccess and Apache ModSecurity
I have this .htaccess 我有这个.htaccess
Options -Indexes RewriteEngine On RewriteBase / # Force to exclude the trailing slash RewriteCond %{REQUEST_FILENAME} !-d RewriteCond %{REQUEST_URI} (.*)/$ RewriteRule ^(.+)/$ $1 [R=307,L] # Restrict php files direct access # this part generate the problem RewriteCond %{THE_REQUEST} ^.+?\ [^?]+\.php[?\ ] RewriteRule \.php$ - [F] # Allow any files or directories that exist to be displayed directly RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule ^(.*)$ index.php?$1 [QSA,L]
But the apache write me this: 但阿帕奇给我写了这个:
ModSecurity: Warning.
ModSecurity:警告。 Match of "within %{tx.allowed_methods}" against "REQUEST_METHOD" required.
需要匹配“在%{tx.allowed_methods}内”与“REQUEST_METHOD”。 [file "/modsecurity/modsecurity_crs_30_http_policy.conf"] [line "31"] [id "960032"] [rev "2"] [msg "Method is not allowed by policy"] [data "GET"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/METHOD_NOT_ALLOWED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "OWASP_AppSensor/RE1"] [tag "PCI/12.1"]
[file“/modsecurity/modsecurity_crs_30_http_policy.conf”] [line“31”] [id“960032”] [rev“2”] [msg“策略不允许使用方法”] [data“GET”] [severity“CRITICAL “] [ver”OWASP_CRS / 2.2.9“] [maturity”9“] [准确度”9“] [tag”OWASP_CRS / POLICY / METHOD_NOT_ALLOWED“] [tag”WASCTC / WASC-15“] [tag”OWASP_TOP_10 / A6 “] [tag”OWASP_AppSensor / RE1“] [tag”PCI / 12.1“]
How i must edit my htaccess? 我该如何编辑我的htaccess? Thanks guys.
多谢你们。
As the first comment has said that you have a ModSecurity rule blocking your request. 正如第一条评论所说,您有一条阻止您的请求的ModSecurity规则。 If your hosting provider has enabled '--enable-htaccess-config' when building ModSecurity then you have access to disable that particular rule from an htaccess file.
如果您的托管服务提供商在构建ModSecurity时启用了“--enable-htaccess-config”,那么您可以从htaccess文件中禁用该特定规则。 You can use something similar to the following:
您可以使用类似于以下内容的内容:
<IfModule mod_security.c> SecRuleRemoveById 960032 </IfModule>
However, if your provider has not enabled this and you don't have access to any Apache configuration files (httpd.conf, etc). 但是,如果您的提供者尚未启用此功能,并且您无权访问任何Apache配置文件(httpd.conf等)。 Then you will have to contact your hosting provider to fix the issue.
然后,您将必须与托管服务提供商联系以解决此问题。 Sorry
抱歉
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.