[英]ModSecurity Access denied with code 403 when using nginx module ngx_http_auth_request_module
我正在尝试将 ModSecurity 配置为在安装了 ngx_http_auth_request_module 的 NGINX 服务器中使用它,我收到以下错误:
2021/11/30 01:52:58 [info] 7#0: *1 ModSecurity: Warning. Matched "Operator `Rx' with parameter `^0?$' against variable `REQUEST_HEADERS:Content-Length' (Value: `51' ) [file "/usr/local/coreruleset-3.3.2/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "161"] [id "920170"] [rev ""] [msg "GET or HEAD Request with Body Content"] [data "51"] [severity "2"] [ver "OWASP_CRS/3.3.2"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "172.17.0.6"] [uri "/api/v1/busquedas/criterios"] [unique_id "1638237178"] [ref "o0,3v0,3v96,2"], client: 172.17.0.1, server: servername, request: "POST /api/v1/busquedas/criterios HTTP/1.1", subrequest: "/auth", host: "localhost", referrer: "http://localhost/clientes/busqueda"
2021/11/30 01:52:58 [debug] 7#0: *1 malloc: 000056265DD6F8B0:4096
2021/11/30 01:52:58 [debug] 7#0: *1 malloc: 000056265DD708C0:4096
2021/11/30 01:52:58 [debug] 7#0: *1 free: 000056265DD6F8B0
2021/11/30 01:52:58 [debug] 7#0: *1 free: 000056265DD708C0
2021/11/30 01:52:58 [error] 7#0: *1 [client 172.17.0.1] ModSecurity: Access denied with code 403 (phase 2). Matched "Operator `Ge' with parameter `5' against variable `TX:ANOMALY_SCORE' (Value: `5' ) [file "/usr/local/coreruleset-3.3.2/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "80"] [id "949110"] [rev ""] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [data ""] [severity "2"] [ver "OWASP_CRS/3.3.2"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "172.17.0.6"] [uri "/api/v1/busquedas/criterios"] [unique_id "1638237178"] [ref ""], client: 172.17.0.1, server: servername, request: "POST /api/v1/busquedas/criterios HTTP/1.1", subrequest: "/auth", host: "localhost", referrer: "http://localhost/clientes/busqueda"
2021/11/30 01:52:58 [debug] 7#0: *1 http finalize request: 403, "/auth?" a:1, c:2
2021/11/30 01:52:58 [debug] 7#0: *1 auth request done s:0
2021/11/30 01:52:58 [debug] 7#0: *1 http special response: 403, "/auth?"
20
假设 ModSecurity 执行 SecRule 来验证我的 web 应用程序正在发送到服务器的 POST 请求,但是正如您在前面的警告中看到的那样,它正在验证 GET 请求。
经过一些故障排除后,我发现 SecRule 正在验证 GET 请求不应具有与“”(空字符串)不同的值的 Content-Length header,这是合乎逻辑的。 但是,由于我也在使用 ngx_http_auth_request_module 模块在我的 NGINX 配置文件中生成对以下位置的子请求:
location /auth {
internal;
proxy_pass_request_body off;
proxy_set_header Content-Length "";
proxy_set_header access_token $http_access_token;
proxy_pass http://authentication-gwy:8080/cmr-experience-serv-gateway-loggin/v1/auth/token-valid;
}
,然后 ModSecurity 也在尝试评估 GET 子请求,它使用 51 值维护 Content-Length,即使我在位置配置中将其设置为“”。
将 Content-Length 设置为 0,它将解决问题。
nginx - njs - ngx_http_auth_request_module 如何向用户返回 302?
[英]nginx - njs - ngx_http_auth_request_module how to return 302 to user?
将Http代理与ngx_http_sub_module一起使用时,nginx无法返回304
[英]Nginx can't return 304 when using http proxy with ngx_http_sub_module
使用 ngx_http_grpc_module 进行负载平衡时,NGINX 向后端打开了多少连接和流
[英]How many connections and streams are opened by NGINX to backends when loadbalancing with ngx_http_grpc_module
哪个更好:使用Nginx(ngx_http_ssl_module)编译时使用Openssl,LibreSSL或BoringSSL?
[英]Which is better: Openssl, LibreSSL or BoringSSL when compiled with Nginx (ngx_http_ssl_module)?
使用AWS cloudwatch监控nginx ngx_http_stub_status_module
[英]Using AWS cloudwatch to monitor nginx ngx_http_stub_status_module
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.