堆栈内存溢出
  简体   繁体   English

Mod安全性-带xml的请求正文

[英]Mod Security - Request body with xml

 原文  2016-08-02 03:04:50       xml/ apache/ parsing/ soap/ mod-security2

问题描述

In mod security for detect and start an action for request body use SecRule REQUEST_BODY : https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual#REQUEST_BODY but when try parse the buffer of Soap action in XML body canot process it. 在用于检测和启动请求主体动作的mod安全中,请使用SecRule REQUEST_BODYhttps : //github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual#REQUEST_BODY,但是当尝试解析XML主体Canot中的Soap动作的缓冲区时,会对其进行处理。

Holds the raw request body. 保留原始请求正文。 This variable is available only if the URLENCODED request body processor was used, which will occur by default when the application/x-www-form-urlencoded content type is detected, or if the use of the URLENCODED request body parser was forced. 仅当使用URLENCODED请求主体处理器时才可使用此变量,默认情况下,当检测到application / x-www-form-urlencoded内容类型时,或者如果强制使用URLENCODED请求主体解析器,则将使用此变量。

I try this: 我尝试这样: 

SecRuleEngine on
SecRequestBodyAccess On
SecRule REQUEST_HEADERS:Content-Type "text/xml" "id:'200000',phase:1,t:none,t:lowercase,pass,nolog,ctl:requestBodyProcessor=XML"
SecRule REQUEST_BODY "<password>\w{0,5}<\/password>" "id:77777771,log,deny,msg:'Week password'"

And in the post buffer: 并在后缓冲区中: 

POST / HTTP/1.1
...
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Content-Type: text/xml; charset=utf-8
SOAPAction: ""
Content-Length: 200

<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <SOAP-ENV:Body>
    <tns:authenticate xmlns:tns="http://.../">
      <password>abc</password>
      ...

How to detect the response body of SOAP data and deny the match expreg value? 如何检测SOAP数据的响应主体并拒绝匹配expreg值?

1 个解决方案

解决方案1
 0  2016-08-02 03:39:41

I found a soluition in https://serverfault.com/questions/727596/mod-security-how-to-process-text-xml-request-body 我在https://serverfault.com/questions/727596/mod-security-how-to-process-text-xml-request-body中找到了解决方案 

SecRequestBodyAccess On
SecRule REQUEST_HEADERS:Content-Type "text/xml" "phase:1,nolog,pass,ctl:requestBodyProcessor=URLENCODED,id:12345"
SecRule REQUEST_BODY "<password.*?>.{0,6}?</password>" "phase:2,t:none,deny,msg:'Very short password',status:403,auditlog,id:67890"

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 在请求正文中重新解析 XML - Restify parsing XML in body of a request Flutter - 带有 xml 主体的 POST 请求 - Flutter - POST request with an xml body 带有 XML 请求正文的 OAuth 签名 - OAuth Signature with XML request body PHP Soap Request:请求中缺少XML正文 - PHP Soap Request: XML Body missing in the request swift contsruct xml请求体的请求 - swift contsruct a request with xml request body 无法读取请求xml正文元素值 - Cannot read request xml body element value PlayFramework:将原始请求xml正文获取为字符串 - PlayFramework: Get original request xml body as string XML请求正文:在Windows Azure上无效 - XML request body: invalid on Windows Azure 如何使用带有 xml Body 的 alamofire 发送请求 - How to send a request with alamofire with xml Body 从Soap请求主体中提取XML - Extracting, the XML from a Soap Request Body
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM