我有一个 Debian Jessie 盒子,Apache 2.4 和默认的 mod_security,并激活了基本规则。当我尝试在 PHP 代码中实现 Google reCAPTCHA 解决方案时,modsecurity 会阻止返回 reCAPTCHA 变量的页面。据我所知,modsecurity SQL 注入保护规则阻止我的网站使用 reCAPTCHA。有没有一种简单的方法可以让 modsecurity 基本 SQL 注入规则让 Google reCAPTCHA 正常工作?我可以从 modsecurity 规则中排除/列入白名单以进行检查吗?
相关 Apache 错误日志条目:
[Thu May 05 20:31:17.407153 2016] [:error] [pid 3604] [client 199.67.203.142] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(\\\\!\\\\=|\\\\&\\\\&|\\\\|\\\\||>>|<<|>=|<=|<>|<=>|xor|rlike
|regexp|isnull)|(?:not\\\\s+between\\\\s+0\\\\s+and)|(?:is\\\\s+null)|(like\\\\s+null)|(?:(?:^|\\\\W)in[+\\\\s]*\\\\([\\\\s\\\\d\\"]+[^()]*\\\\))|(?:xor|<>|rlike(?:\\\\s+binary)?)|(?:regexp\\\\s+binary))" at ARG
S:g-recaptcha-response. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "70"] [id "981319"] [rev "2"] [msg "SQL Injection Attack: SQL Operator Detected"] [
data "Matched Data: XOr found within ARGS:g-recaptcha-response: 03AHJ_VuuKzOoRV1ncHa31GhztRb7FuB6sFfWtJqRbgw71veDabEm-V1Xkm4Rfh2hsjodBH7Y_S1D0XomTniOoLr9hNKKXlcxAestey_bIW8pZUSHF9N5PGOGagrbdeliSOnCe3Ff-qRRsvrBAh
8lw19hGfOlYMwdYkONJNaiq5KQgELQQxqa9suxdKLscNLvmRBsrJaZc8NNxtZBYMgcuf7_MR0fJRdItiXFs-ttqxvnCUUCWH8bbnXdbfoFBaeuH2j-JHxpNnbTLz6NCVZHSMMFzJ_45GgYUajzeLBmn8u74qdOgIQDRRUSDc4ySnAxozESwb94_RY4o7FhpQu3ebytd2mGcmHPte-cn
MH2VSmsOLCQOVXKvytwC2w8c3JRiFCYTdpMJ0TrDSwlw5b9P4uOhjENJJRRDxRhaUnRktOb0KBJdaevwjYzFJVXVmfuTv..."] [hostname "mzhostname.com"] [uri "/test/test2_load.php"] [unique_id "VyuRdcM4N88AAA4U-PgAAAAB"]
答案1
加载文件后,将以下内容添加到 Apache 配置中/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf:
SecRuleUpdateTargetById 981319 !ARGS:'g-recaptcha-response'
请注意,您可能需要将此参数从其他规则中列入白名单。