Apache-2.2
Modsecurity REGEX 有沒有效果?
[25/Oct/2016:09:35:16 +0200] [demo.localhost.me/sid#555555a697d8][rid#5555572958d8][/XXXXX.php][2] Warning. Pattern match "([\\~\\!\\@\\#\\$\\%\\^\\&\\*\\(\\)\\-\\+\\=\\{\\}\\[\\]\\|\\:\\;\"\\'\\\xc2\xb4\\\xe2\x80\x99\\\xe2\x80\x98\\`\\<\\>].*?){5,}" at ARGS_NAMES:MtCons-NSOPE3-MtCons12-HJIBE-2808-J103048-2016. [file "/XXXXX/apc22/virtual /XXXX/crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: - found within ARGS_NAMES:MtCons-NSOPE3-MtCons12-HJIBE-2808-J103048-2016: MtCons-NSOPE3-MtCons12-HJIBE-2808-J103048-2016"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"]你好,
我正在嘗試用正則表達式刪除這個假陽性,但這似乎是不可能的?
我熟悉 ModSecurity 白名單,但這個“ARGS_NAMES”的正則表達式似乎不起作用。
我試過了:
SecRuleUpdateTargetById 981173 "!ARGS_NAMES:/MtCons.*/" SecRuleUpdateTargetById 981173 "!ARGS_NAMES:/MtCons.*/gm"謝謝你的幫助
正確的語法是:
SecRuleUpdateTargetById 981173 "!ARGS_NAMES:/MtCons.*/"