Modsecurity SecRuleUpdateTargetById 不起作用

Modsecurity SecRuleUpdateTargetById 不起作用

我正在尝试修改 owasp crs 3.0 规则编号 920440:

[id "920440"] [rev "2"] [msg "URL 文件扩展名受策略限制"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] 警告。在“.asa/.asax/.ascx/.axd/.backup/.bak/.bat/.cdx/.cer/.cfg/.cmd/.com/.config/.conf/.cs/.csproj/.csr/.dat/.db/.dbf/.dll/.dos/.htr/.htw/.ida/.idc/.idq/.inc/.ini/.key/.licx/.lnk/.log/.mdb/.old/.pass/.pdb/.pol/.printer/.pwd/.resources/.resx/.sql/.sys/.vb/.vbs/.vbproj/.vsdisco/.webinfo/.xsd/”内匹配字符串TX:扩展名处为“.xsx/”。

我正在尝试禁用 .com 的检查:

SecRuleUpdateTargetById 920440 !REQUEST_BASENAME:.com

尝试了多种变体:

SecRuleUpdateTargetById 920440 !REQUEST_BASENAME:'.com/' SecRuleUpdateTargetById 920440 !REQUEST_BASENAME:.com/ SecRuleUpdateTargetById 920440 !REQUEST_BASENAME:'.com' SecRuleUpdateTargetById 920440 !REQUEST_BASENAME:.com

不高兴,知道为什么吗?

答案1

只需从文件的配置中删除 .com 即可crs-setup.conf

这是您应该编辑而不是覆盖的文件。

相关内容