您好!我正在尝试 WAF 下的 Discourse,并且收到 仅 消息总线 POST 请求的 403 错误。我知道这不是 Discourse 特有的问题,但我尝试了一天,仍然不明白为什么消息总线会收到 403 请求。任何猜测/想法都将不胜感激!谢谢。
错误消息:
好的,我解决了这个问题!我将把它写在这里。也许将来有人会遇到同样的问题:
我正在使用 BunkerWeb,它在其后端应用程序之一中使用了 Modsecurity。Apparently,该 Modsecurity 核心集规则将消息总线 POST 请求视为 SQL 注入攻击。
ModSecurity: Warning. Matched \"Operator `Rx' with parameter `(?i:(?:^[\\W\\d]+\\s*?(?:(?:alter\\s*(?:a(?:(?:pplication\\s*rol|ggregat)e|s(?:ymmetric\\s*ke|sembl)y|u(?:thorization|dit)|vailability\\s*group)|c(?:r(?:yptographic\\s*provider|edential)|o(?:l(?:latio|um)|nve (1040 个字符已省略)' against variable `ARGS_NAMES:/delete' (Value: `/delete' ) [file \"/usr/share/bunkerweb/core/modsecurity/files/coreruleset/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf\"] [line \"426\"] [id \"942360\"] [rev \"\"] [msg \"Detects concatenated basic SQL injection and SQLLFI attempts\"] [data \"Matched Data: /delete found within ARGS_NAMES:/delete: /delete\"] [severity \"2\"] [ver \"OWASP_CRS/3.3.4\"] [maturity \"0\"] [accuracy \"0\"] [tag \"application-multi\"] [tag \"language-multi\"] [tag \"platform-multi\"] [tag \"attack-sqli\"] [tag \"paranoia-level/1\"] [tag \"OWASP_CRS\"] [tag \"capec/1000/152/248/66\"] [tag \"PCI/6.5.2\"]
我像这样添加了一个 ModSec 规则排除项:
SecAction "id:10000,phase:1,nolog,pass,t:none,ctl:ruleRemoveById=942360
问题解决了!我知道这可能对大多数人没有帮助,但正如我所说,也许它能帮到某人。干杯!
4 个赞
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.