我无法让 mod_security 阻止空用户代理请求。我对此不太了解,所以经过搜索,我发现了以下规则:
SecMarker BEGIN_UA_CHECK
SecRule &REQUEST_HEADERS:User-Agent "@eq 0" \"skipAfter:END_UA_CHECK,phase:2,rev:'1',ver:'OWASP_CRS/2.2.9',maturity:'9',accuracy:'9',t:none,block,msg:'Request Missing a User Agent Header',id:'960009',tag:'OWASP_CRS/PROTOCOL_VIOLATION/MISSING_HEADER_UA',tag:'WASCTC/WASC-21',tag:'OWASP_TOP_10/A7',tag:'PCI/6.5.10',severity:'5',setvar:'tx.msg=%{rule.msg}',setvar:tx.anomaly_score=+%{tx.notice_anomaly_score},setvar:tx.%{rule.id}-OWASP_CRS/PROTOCOL_VIOLATION/MISSING_HEADER-%{matched_var_name}=%{matched_var}"
SecRule REQUEST_HEADERS:User-Agent "^$" \"phase:2,t:none,block,msg:'Empty User Agent Header',id:'960006',rev:'1',ver:'OWASP_CRS/2.2.9',maturity:'9',accuracy:'9',tag:'OWASP_CRS/PROTOCOL_VIOLATION/MISSING_HEADER_UA',severity:'5',setvar:'tx.msg=%{rule.msg}',setvar:tx.anomaly_score=+%{tx.notice_anomaly_score},setvar:tx.%{rule.id}-OWASP_CRS/PROTOCOL_VIOLATION/MISSING_HEADER-%{matched_var_name}=%{matched_var}"
SecMarker END_UA_CHECK
在此处的文件中:/etc/modsecurity/modsecurity_custom_rules.conf
但它只是没有阻止请求......
我是否遗漏了什么?
答案1
解决添加以下自定义规则:
<Location />
# Block empty User-Agents.
SecRule &REQUEST_HEADERS:User-Agent "@eq 0" \
"id:'13009',phase:2,t:none,deny,status:406"
SecRule REQUEST_HEADERS:User-Agent "^$" \
"id:'13006',phase:2,t:none,deny,status:406"
</Location>
我从这里改编了规则:http://www.outdoorsxch.com/aa/00.html/usr/local/ssl/local/apache/conf/modsec-imh/40_wordpress.conf
希望这对某人有帮助。