本文介绍了解决ModSecurity因主机名使用IP地址而触发的安全规则错误问题的方法。通过修改配置文件并注释掉特定规则,可以避免访问127.0.0.1或主机IP时出现错误提示。
问题:
在浏览器中输入127.0.0.1或者主机IP,都会出现一下错误:
/**********/
Bad Request
Your browser sent a request that this server could not understand.
Apache/2.2.0 (Fedora) Server at 127.0.0.1 Port 80
/*********/
如果在主机上用浏览器打开http://主机名/则能够正常打开网页,没有提示错误
查看日志:
/**********/
[Mon Aug 27 08:15:56 2007] [error] [client 127.0.0.1] ModSecurity: Access denied with code 400 (phase 1). Pattern match "^[////d////.]+$" at REQUEST_HEADERS:Host. [id "960017"] [msg "Host header is a numeric IP address"] [severity "CRITICAL"] [hostname "127.0.0.1"] [uri "/"] [unique_id "QrBrQ38AAAEAACZ5GVAAAAAH"]
/******/
解决:
编辑文件/etc/httpd/modsecurity.d/modsecurity_crs_21_protocol_anomalies.conf
注释掉此句(也就是在前面加"#"):
SecRule REQUEST_HEADERS:Host "^[/d/.]+$" "deny,log,auditlog,status:400,msg:'Host header is a numeric IP address', severity:'2',id:'960017'
然后重启服务httpd
这样子应该还是会存在安全漏洞。
在浏览器中输入127.0.0.1或者主机IP,都会出现一下错误:
/**********/
Bad Request
Your browser sent a request that this server could not understand.
Apache/2.2.0 (Fedora) Server at 127.0.0.1 Port 80
/*********/
如果在主机上用浏览器打开http://主机名/则能够正常打开网页,没有提示错误
查看日志:
/**********/
[Mon Aug 27 08:15:56 2007] [error] [client 127.0.0.1] ModSecurity: Access denied with code 400 (phase 1). Pattern match "^[////d////.]+$" at REQUEST_HEADERS:Host. [id "960017"] [msg "Host header is a numeric IP address"] [severity "CRITICAL"] [hostname "127.0.0.1"] [uri "/"] [unique_id "QrBrQ38AAAEAACZ5GVAAAAAH"]
/******/
解决:
编辑文件/etc/httpd/modsecurity.d/modsecurity_crs_21_protocol_anomalies.conf
注释掉此句(也就是在前面加"#"):
SecRule REQUEST_HEADERS:Host "^[/d/.]+$" "deny,log,auditlog,status:400,msg:'Host header is a numeric IP address', severity:'2',id:'960017'
然后重启服务httpd
这样子应该还是会存在安全漏洞。
扫一扫
4026
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
