Apache-2.4

Linux、apache2、modsecurity 阻止 Google reCAPTCHA 變數

  • May 5, 2016

我有一個 Debian Jessie 盒子,Apache 2.4 和預設 mod_security 啟用了基本規則。當我嘗試在 PHP 程式碼中實現 Google reCAPTCHA 解決方案時,modsecurity 會阻止頁面返回 reCAPTCHA 變數。如我所見,modsecurity SQL 注入保護規則使用 reCAPTCHA 阻止了我的網站。有沒有一種簡單的方法可以讓 modsecurity 基礎 SQL 注入規則讓 Google reCAPTCHA 正常工作?我可以以某種方式從 modsecurity 規則中排除/白名單一個變數來檢查嗎?

相關的 Apache 錯誤日誌條目:

[Thu May 05 20:31:17.407153 2016] [:error] [pid 3604] [client 199.67.203.142] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(\\\\!\\\\=|\\\\&\\\\&|\\\\|\\\\||>>|<<|>=|<=|<>|<=>|xor|rlike
|regexp|isnull)|(?:not\\\\s+between\\\\s+0\\\\s+and)|(?:is\\\\s+null)|(like\\\\s+null)|(?:(?:^|\\\\W)in[+\\\\s]*\\\\([\\\\s\\\\d\\"]+[^()]*\\\\))|(?:xor|<>|rlike(?:\\\\s+binary)?)|(?:regexp\\\\s+binary))" at ARG
S:g-recaptcha-response. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "70"] [id "981319"] [rev "2"] [msg "SQL Injection Attack: SQL Operator Detected"] [
data "Matched Data: XOr found within ARGS:g-recaptcha-response: 03AHJ_VuuKzOoRV1ncHa31GhztRb7FuB6sFfWtJqRbgw71veDabEm-V1Xkm4Rfh2hsjodBH7Y_S1D0XomTniOoLr9hNKKXlcxAestey_bIW8pZUSHF9N5PGOGagrbdeliSOnCe3Ff-qRRsvrBAh
8lw19hGfOlYMwdYkONJNaiq5KQgELQQxqa9suxdKLscNLvmRBsrJaZc8NNxtZBYMgcuf7_MR0fJRdItiXFs-ttqxvnCUUCWH8bbnXdbfoFBaeuH2j-JHxpNnbTLz6NCVZHSMMFzJ_45GgYUajzeLBmn8u74qdOgIQDRRUSDc4ySnAxozESwb94_RY4o7FhpQu3ebytd2mGcmHPte-cn
MH2VSmsOLCQOVXKvytwC2w8c3JRiFCYTdpMJ0TrDSwlw5b9P4uOhjENJJRRDxRhaUnRktOb0KBJdaevwjYzFJVXVmfuTv..."] [hostname "mzhostname.com"] [uri "/test/test2_load.php"] [unique_id "VyuRdcM4N88AAA4U-PgAAAAB"]

載入/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf文件後,將以下內容添加到 Apache 配置中:

SecRuleUpdateTargetById 981319 !ARGS:'g-recaptcha-response'

請注意,您可能需要類似地將此參數從其他規則中列入白名單。

引用自:https://serverfault.com/questions/775104