堆栈内存溢出
  简体   繁体   English

在Apache的Modsecurity中通过ID禁用规则

[英]Disaabe rule by ID in modsecurity on apache

 原文  2018-07-17 10:27:43       apache/ ubuntu-16.04/ mod-security

问题描述

I put ModSecurity for a web server and works fine. 我将ModSecurity用于Web服务器并正常工作。 But some of the cases it blocked and giving Access Denied page. 但在某些情况下,它被阻止并显示“ Access Denied页面。 Below shows unwanted rule IDs which are getting from after reading log file. 下面显示了读取日志文件后从中获取的不需要的规则ID。

950109 950901 958291 960024 973338 981172 981173 981231 981242 981243 981245 981246 981248 981257 981260 981318 981319 981320

Some of the article says those IDs are frequent false positives . 一些文章说,这些ID frequent false positives So I want to disable those IDs. 所以我想禁用这些ID。

2 个解决方案

解决方案1
 1  2018-07-17 18:38:31

That is a valid approach, but a bit coarse. 这是一种有效的方法,但有点粗糙。 The tutorials at https://netnea.com/apache-tutorials explain the details. https://netnea.com/apache-tutorials上的教程介绍了详细信息。

Besides, you are using an outdated version of the Core Rule Set. 此外,您使用的是核心规则集的过时版本。 You should go and check out https://coreruleset.org . 您应该去看看https://coreruleset.org Update to CRS3 and 90% of your false positives will be gone. 更新到CRS3,您90%的误报将消失。

解决方案2
 0 已采纳  2018-07-17 10:27:43

After searching, I found a solution for disable those rule IDs. 搜索之后,我找到了禁用这些规则ID的解决方案。 This is how I disable those IDs. 这就是我禁用这些ID的方式。

Add this on end of the /etc/apache2/mods-available/security2.conf 将此添加到/etc/apache2/mods-available/security2.conf末尾

<IfModule mod_security2.c> SecRuleRemoveById 950109 SecRuleRemoveById 950901 SecRuleRemoveById 958291 SecRuleRemoveById 960024 SecRuleRemoveById 973338 SecRuleRemoveById 981172 SecRuleRemoveById 981173 SecRuleRemoveById 981231 SecRuleRemoveById 981242 SecRuleRemoveById 981243 SecRuleRemoveById 981245 SecRuleRemoveById 981246 SecRuleRemoveById 981248 SecRuleRemoveById 981257 SecRuleRemoveById 981260 SecRuleRemoveById 981318 SecRuleRemoveById 981319 SecRuleRemoveById 981320 </IfModule>

then restart apache. 然后重新启动apache。 service apache2 restart .Now its working fine. service apache2 restart 。现在可以正常工作了。

This can also type in a one line. 这也可以输入一行。

<IfModule mod_security2.c> SecRuleRemoveById 950109 950901 958291 960024 973338 981172 981173 981231 981242 981243 981245 981246 981248 981257 981260 981318 981319 981320 </IfModule>

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 Apache ModSecurity:另一个具有相同id错误的规则 - Apache ModSecurity: another rule with the same id error ModSecurity:规则中不存在操作ID - ModSecurity: No action id present within the rule ModSecurity CSRF规则警报 - ModSecurity CSRF rule alert ModSecurity 规则 214940 警告 - ModSecurity rule 214940 warning .htaccess和Apache ModSecurity - .htaccess and Apache ModSecurity 使用Apache和ModSecurity进行路由和过滤 - Routing and filtering with Apache and ModSecurity 更新ModSecurity核心规则 - Updating an arugement of a ModSecurity Core Rule 如何在多个虚拟主机中包含相同的modsecurity规则而不更改每个规则和每个主机的ID? - How to include same modsecurity rules in multiple virtual hosts without changing the id for each rule and each host? modsecurity 2-禁用特定规则ID的日志记录? - modsecurity 2 — disable logging for specific rule ids? WordPress网站上的ModSecurity的Apache LocationMatch通配符 - Apache LocationMatch wildcard for ModSecurity on wordpress site
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM