[25/Oct/2016:09:35:16 +0200] [demo.localhost.me/sid#555555a697d8][rid#5555572958d8][/XXXXX.php][2]
Warning. Pattern match "([\\~\\!\\@\\#\\$\\%\\^\\&\\*\\(\\)\\-\\+\\=\\{\\}\\[\\]\\|\\:\\;\"\\'\\\xc2\xb4\\\xe2\x80\x99\\\xe2\x80\x98\\`\\<\\>].*?){5,}"
at ARGS_NAMES:MtCons-NSOPE3-MtCons12-HJIBE-2808-J103048-2016. [file "/XXXXX/apc22/virtual
/XXXX/crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"]
[data "Matched Data: - found within ARGS_NAMES:MtCons-NSOPE3-MtCons12-HJIBE-2808-J103048-2016: MtCons-NSOPE3-MtCons12-HJIBE-2808-J103048-2016"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"]
你好,
我正在尝试使用正则表达式删除这个误报,但这似乎不可能?
我熟悉 ModSecurity 白名单,但这个“ARGS_NAMES”的正则表达式似乎不起作用。
我努力了:
SecRuleUpdateTargetById 981173 "!ARGS_NAMES:/MtCons.*/"
SecRuleUpdateTargetById 981173 "!ARGS_NAMES:/MtCons.*/gm"
感谢您的帮助
答案1
正确的语法是:
SecRuleUpdateTargetById 981173 "!ARGS_NAMES:/MtCons.*/"