ModSecurity on Nginx breaks the WordPress WooCommerce checkout page. Can't find a working rule exclusion


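I am running a LEMP server based on Ubuntu 20.04 on a Raspberry Pi 4. I am developing a WordPress WooCommerce website, https://www.mcmo.is. Currently, using Safari or Google Chrome on iOS, I cannot get through the site's WooCommerce checkout page with ModSecurity enabled. When trying to check out an item, the payment method options under "Your order" are greyed out (see the images below), which prevents me from checking out.

[Images: Mcmo.is/checkout payment blocked 1; Mcmo.is/checkout payment blocked 2]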

The error occurs specifically on the page https://www.mcmo.is/checkout/ when you have items in your cart.

Here is my Modsec_audit.log, triggered after refreshing the checkout page in iOS Safari:

---PVwDGcNo---H--
ModSecurity: Warning. Matched "Operator `Pm' with parameter `AppleWebKit Android' against variable `REQUEST_HEADERS:User-Agent' (Value: `jetmon/1.0 (Jetpack Site Uptime Monitor by WordPress.com)' ) [file "/etc/nginx/modsec/coreruleset-3.3.4/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1267"] [id "920300"] [rev ""] [msg "Request Missing an Accept Header"] [data ""] [severity "5"] [ver "OWASP_CRS/3.3.4"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [tag "paranoia-level/2"] [hostname "10.10.10.2"] [uri "/"] [unique_id "168487174739.348118"] [ref "v0,4v46,57"]
 
---PVwDGcNo---J--
 
---PVwDGcNo---K--
 
---PVwDGcNo---Z--
 
---CQNTU3vm---A--
[23/May/2023:14:56:57 -0500] 168487181772.491223 104.28.103.67 12879 10.10.10.2 443
---CQNTU3vm---B--
POST /?wc-ajax=update_order_review HTTP/2.0
user-agent: Mozilla/5.0 (iPhone; CPU iPhone OS 16_5 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1
sec-fetch-site: same-origin
origin: https://www.mcmo.is
accept-encoding: gzip, deflate, br
cookie: __stripe_mid=91fdd213-af74-4b85-9598-839fcc55d0cc5c6ea9; __stripe_sid=0cdbb2f7-444e-48fe-aba6-703176fe86b4147508; _pk_id.1.37a4=b74807d259313be5.1684820191.; _pk_ses.1.37a4=1; woocommerce_cart_hash=08cc07e027a73f2cd5bd1311c4c41d0d; woocommerce_items_in_cart=1; wp_woocommerce_session_173dd7436a96149bdd624d8b340b4484=t_e92a890f9274d560fca7a7d246ce0f%7C%7C1685044476%7C%7C1685040876%7C%7C7c2446cd6987f53d9ffa67544cca90e2
content-length: 1175
accept-language: en-US,en;q=0.9
accept: */*
x-requested-with: XMLHttpRequest
content-type: application/x-www-form-urlencoded; charset=UTF-8
sec-fetch-mode: cors
host: www.mcmo.is
referer: https://www.mcmo.is/checkout/
sec-fetch-dest: empty
 
---CQNTU3vm---C--
security=f0cfee6ae7&payment_method=stripe_cc&country=US&state=WI&postcode=&city=&address=&address_2=&s_country=US&s_state=WI&s_postcode=&s_city=&s_address=&s_address_2=&has_full_address=false&post_data=billing_email%3D%26billing_first_name%3D%26billing_last_name%3D%26billing_company%3D%26billing_country%3DUS%26billing_address_1%3D%26billing_address_2%3D%26billing_city%3D%26billing_state%3DWI%26billing_postcode%3D%26billing_phone%3D%26order_comments%3D%26payment_method%3Dstripe_cc%26stripe_cc_token_key%3D%26stripe_cc_payment_intent_key%3D%26stripe_applepay_token_key%3D%26stripe_applepay_payment_intent_key%3D%26stripe_afterpay_token_key%3D%26stripe_afterpay_payment_intent_key%3D%26stripe_affirm_token_key%3D%26stripe_affirm_payment_intent_key%3D%26stripe_klarna_token_key%3D%26stripe_klarna_payment_intent_key%3D%26stripe_giropay_token_key%3D%26stripe_giropay_payment_intent_key%3D%26stripe_sepa_token_key%3D%26stripe_sepa_payment_intent_key%3D%26stripe_wechat_token_key%3D%26stripe_wechat_payment_intent_key%3D%26stripe_alipay_token_key%3D%26stripe_alipay_payment_intent_key%3D%26woocommerce-process-checkout-nonce%3Dad56a76f3f%26_wp_http_referer%3D%252Fcheckout%252F
 
---CQNTU3vm---E--
\xa1\x88\x04\x00 :\xb7\xceF\xe8\x84\x06\x0c\xf2\xa3)X\xc4\x82\x1bI=Y\xc8\x99]2\x92L\x0a\x0aZ\xa37|\xdc\xbe5I\xe4bPIXo\xd5\x05mi!\xeb\xcdn\xd3!\x14&\xcb$\x98d!\xd8Q\x19\xc5\x95\xca\xc5\xaar\x8c\x1bY\xd6\x80\xf0\xfa\xdc\xfe\xb8kD\xd3l\x00
 
---CQNTU3vm---F--
HTTP/2.0 403
x-frame-options: SAMEORIGIN
Referrer-Policy: no-referrer-when-downgrade
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
Content-Security-Policy: default-src * data: 'unsafe-eval' 'unsafe-inline'
Vary: Accept-Encoding
X-XSS-Protection: 1; mode=block
Connection: close
Content-Encoding: br
X-Content-Type-Options: nosniff
Content-Type: text/html
Date: Tue, 23 May 2023 19:56:57 GMT
Server: nginx
 
---CQNTU3vm---H--
ModSecurity: Warning. Matched "Operator `Rx' with parameter `%[0-9a-fA-F]{2}' against variable `ARGS:post_data' (Value: `billing_email=&billing_first_name=&billing_last_name=&billing_company=&billing_country=US&billing_ad (739 characters omitted)' ) [file "/etc/nginx/modsec/coreruleset-3.3.4/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1236"] [id "920230"] [rev ""] [msg "Multiple URL Encoding Detected"] [data "billing_email=&billing_first_name=&billing_last_name=&billing_company=&billing_country=US&billing_address_1=&billing_address_2=&billing_city=&billing_state=WI&billing_postcode=&billing_phone=&order_co (639 characters omitted)"] [severity "4"] [ver "OWASP_CRS/3.3.4"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/267/120"] [tag "paranoia-level/2"] [hostname "10.10.10.2"] [uri "/"] [unique_id "168487181772.491223"] [ref "o825,3v1175,839"]
ModSecurity: Warning. Matched "Operator `Rx' with parameter `((?:[~!@#\$%\^&\*\(\)\-\+=\{\}\[\]\|:;\"'\xc2\xb4\xe2\x80\x99\xe2\x80\x98`<>][^~!@#\$%\^&\*\(\)\-\+=\{\}\[\]\|:;\"'\xc2\xb4\xe2\x80\x99\xe2\x80\x98`<>]*?){12})' against variable `ARGS:post_data' (Value: `billing_email=&billing_first_name=&billing_last_name=&billing_company=&billing_country=US&billing_ad (739 characters omitted)' ) [file "/etc/nginx/modsec/coreruleset-3.3.4/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "1145"] [id "942430"] [rev ""] [msg "Restricted SQL Character Anomaly Detection (args): # of special characters exceeded (12)"] [data "Matched Data: =&billing_first_name=&billing_last_name=&billing_company=&billing_country=US&billing_address_1=& found within ARGS:post_data: billing_email=&billing_first_name=&billing_last_name=&billin (775 characters omitted)"] [severity "4"] [ver "OWASP_CRS/3.3.4"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS"] [tag "capec/1000/152/248/66"] [tag "PCI/6.5.2"] [tag "paranoia-level/2"] [hostname "10.10.10.2"] [uri "/"] [unique_id "168487181772.491223"] [ref "o13,96o13,96v1175,839t:urlDecodeUni"]
ModSecurity: Access denied with code 403 (phase 2). Matched "Operator `Ge' with parameter `5' against variable `TX:ANOMALY_SCORE' (Value: `6' ) [file "/etc/nginx/modsec/coreruleset-3.3.4/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "81"] [id "949110"] [rev ""] [msg "Inbound Anomaly Score Exceeded (Total Score: 6)"] [data ""] [severity "2"] [ver "OWASP_CRS/3.3.4"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "10.10.10.2"] [uri "/"] [unique_id "168487181772.491223"] [ref ""]
 
---CQNTU3vm---J--
 
---CQNTU3vm---K--
 
---CQNTU3vm---Z--
 
---vJW4uWev---A--
[23/May/2023:14:56:58 -0500] 168487181857.638634 104.28.103.67 12879 10.10.10.2 443
---vJW4uWev---B--
POST /ngx_pagespeed_beacon?url=https%3A%2F%2Fwww.mcmo.is%2Fcheckout%2F HTTP/2.0
user-agent: Mozilla/5.0 (iPhone; CPU iPhone OS 16_5 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1
sec-fetch-site: same-origin
referer: https://www.mcmo.is/checkout/
origin: https://www.mcmo.is
accept-encoding: gzip, deflate, br
cookie: __stripe_mid=91fdd213-af74-4b85-9598-839fcc55d0cc5c6ea9; __stripe_sid=0cdbb2f7-444e-48fe-aba6-703176fe86b4147508; _pk_id.1.37a4=b74807d259313be5.1684820191.; _pk_ses.1.37a4=1; woocommerce_cart_hash=08cc07e027a73f2cd5bd1311c4c41d0d; woocommerce_items_in_cart=1; wp_woocommerce_session_173dd7436a96149bdd624d8b340b4484=t_e92a890f9274d560fca7a7d246ce0f%7C%7C1685044476%7C%7C1685040876%7C%7C7c2446cd6987f53d9ffa67544cca90e2
content-length: 1518
accept-language: en-US,en;q=0.9
accept: */*
content-type: application/x-www-form-urlencoded
sec-fetch-mode: cors
host: www.mcmo.is
sec-fetch-dest: empty
 
---vJW4uWev---C--
oh=2RDKPDrkqK&n=oXR-u9g8ZBY&ci=3819676361,3704443330,2391801292&rd=%7B%22807302714%22%3A%7B%22rw%22%3A2500%2C%22rh%22%3A1075%2C%22ow%22%3A2500%2C%22oh%22%3A1075%7D%2C%221098383817%22%3A%7B%22rw%22%3A43%2C%22rh%22%3A26%2C%22ow%22%3A43%2C%22oh%22%3A26%7D%2C%221857610682%22%3A%7B%22rw%22%3A750%2C%22rh%22%3A205%2C%22ow%22%3A750%2C%22oh%22%3A205%7D%2C%221973805766%22%3A%7B%22rw%22%3A43%2C%22rh%22%3A26%2C%22ow%22%3A43%2C%22oh%22%3A26%7D%2C%222158018692%22%3A%7B%22rw%22%3A43%2C%22rh%22%3A26%2C%22ow%22%3A43%2C%22oh%22%3A26%7D%2C%222267908736%22%3A%7B%22rw%22%3A500%2C%22rh%22%3A500%2C%22ow%22%3A500%2C%22oh%22%3A500%7D%2C%222391801292%22%3A%7B%22rw%22%3A1%2C%22rh%22%3A1%2C%22ow%22%3A1%2C%22oh%22%3A1%7D%2C%222607940429%22%3A%7B%22rw%22%3A82%2C%22rh%22%3A23%2C%22ow%22%3A82%2C%22oh%22%3A23%7D%2C%222612327244%22%3A%7B%22rw%22%3A43%2C%22rh%22%3A26%2C%22ow%22%3A43%2C%22oh%22%3A26%7D%2C%223217526565%22%3A%7B%22rw%22%3A165%2C%22rh%22%3A105%2C%22ow%22%3A165%2C%22oh%22%3A105%7D%2C%223267582129%22%3A%7B%22rw%22%3A56%2C%22rh%22%3A32%2C%22ow%22%3A56%2C%22oh%22%3A32%7D%2C%223761568465%22%3A%7B%22rw%22%3A72%2C%22rh%22%3A36%2C%22ow%22%3A72%2C%22oh%22%3A36%7D%2C%223819676361%22%3A%7B%22rw%22%3A56%2C%22rh%22%3A17%2C%22ow%22%3A218%2C%22oh%22%3A68%7D%2C%223844434478%22%3A%7B%22rw%22%3A150%2C%22rh%22%3A48%2C%22ow%22%3A150%2C%22oh%22%3A48%7D%2C%224142142527%22%3A%7B%22rw%22%3A102%2C%22rh%22%3A52%2C%22ow%22%3A102%2C%22oh%22%3A52%7D%2C%224235224056%22%3A%7B%22rw%22%3A250%2C%22rh%22%3A250%2C%22ow%22%3A250%2C%22oh%22%3A250%7D%7D
 
---vJW4uWev---E--
\xa1\x88\x04\x00 :\xb7\xceF\xe8\x84\x06\x0c\xf2\xa3)X\xc4\x82\x1bI=Y\xc8\x99]2\x92L\x0a\x0aZ\xa37|\xdc\xbe5I\xe4bPIXo\xd5\x05mi!\xeb\xcdn\xd3!\x14&\xcb$\x98d!\xd8Q\x19\xc5\x95\xca\xc5\xaar\x8c\x1bY\xd6\x80\xf0\xfa\xdc\xfe\xb8kD\xd3l\x00
 
---vJW4uWev---F--
HTTP/2.0 403
x-frame-options: SAMEORIGIN
Referrer-Policy: no-referrer-when-downgrade
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
Content-Security-Policy: default-src * data: 'unsafe-eval' 'unsafe-inline'
Vary: Accept-Encoding
X-XSS-Protection: 1; mode=block
Connection: close
Content-Encoding: br
X-Content-Type-Options: nosniff
Content-Type: text/html
Date: Tue, 23 May 2023 19:56:58 GMT
Server: nginx
 
---vJW4uWev---H--
ModSecurity: Warning. Matched "Operator `Rx' with parameter `(?i:(?:(?:(?:(?:trunc|cre|upd)at|renam)e|(?:inser|selec)t|de(?:lete|sc)|alter|load)\s*?\(\s*?space\s*?\(|,.*?[)\da-f\"'`][\"'`](?:[\"'`].*?[\"'`]|(?:\r?\n)?\z|[^\"'`]+)|\Wselect.+\W*?from))' against variable `ARGS:rd' (Value: `{"807302714":{"rw":2500,"rh":1075,"ow":2500,"oh":1075},"1098383817":{"rw":43,"rh":26,"ow":43,"oh":26 (677 characters omitted)' ) [file "/etc/nginx/modsec/coreruleset-3.3.4/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "671"] [id "942200"] [rev ""] [msg "Detects MySQL comment-/space-obfuscated injections and backtick termination"] [data "Matched Data: ,"rh":1075,"ow":2500,"oh":1075},"1098383817":{ found within ARGS:rd: {"807302714":{"rw":2500,"rh":1075,"ow":2500,"oh":1075},"1098383817":{"rw":43,"rh":26,"ow":43,"oh":26},"1857610682":{" (660 characters omitted)"] [severity "2"] [ver "OWASP_CRS/3.3.4"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS"] [tag "capec/1000/152/248/66"] [tag "PCI/6.5.2"] [tag "paranoia-level/2"] [hostname "10.10.10.2"] [uri "/ngx_pagespeed_beacon"] [unique_id "168487181857.638634"] [ref "o23,46v1028,777t:urlDecodeUni"]
ModSecurity: Warning. Matched "Operator `Rx' with parameter `(?i:[\"'`]\s*?(?:(?:n(?:and|ot)|(?:x?x)?or|between|\|\||and|div|&&)\s+[\s\w]+=\s*?\w+\s*?having\s+|like(?:\s+[\s\w]+=\s*?\w+\s*?having\s+|\W*?[\"'`\d])|[^?\w\s=.,;)(]++\s*?[(@\"'`]*?\s*?\w+\W+\w|\*\s* (166 characters omitted)' against variable `ARGS:rd' (Value: `{"807302714":{"rw":2500,"rh":1075,"ow":2500,"oh":1075},"1098383817":{"rw":43,"rh":26,"ow":43,"oh":26 (677 characters omitted)' ) [file "/etc/nginx/modsec/coreruleset-3.3.4/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "732"] [id "942260"] [rev ""] [msg "Detects basic SQL authentication bypass attempts 2/3"] [data "Matched Data: ":{"rw":2 found within ARGS:rd: {"807302714":{"rw":2500,"rh":1075,"ow":2500,"oh":1075},"1098383817":{"rw":43,"rh":26,"ow":43,"oh":26},"1857610682":{"rw":750,"rh":205,"ow":750,"oh":205}," (623 characters omitted)"] [severity "2"] [ver "OWASP_CRS/3.3.4"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS"] [tag "capec/1000/152/248/66"] [tag "PCI/6.5.2"] [tag "paranoia-level/2"] [hostname "10.10.10.2"] [uri "/ngx_pagespeed_beacon"] [unique_id "168487181857.638634"] [ref "o11,9v1028,777t:urlDecodeUni"]
ModSecurity: Warning. Matched "Operator `Rx' with parameter `(?i:(?:[\"'`](?:\s*?(?:is\s*?(?:[\d.]+\s*?\W.*?[\"'`]|\d.+[\"'`]?\w)|\d\s*?(?:--|#))|(?:\W+[\w+-]+\s*?=\s*?\d\W+|\|?[\w-]{3,}[^\w\s.,]+)[\"'`]|[\%&<>^=]+\d\s*?(?:between|like|x?or|and|div|=))|(?i:n?an (121 characters omitted)' against variable `ARGS:rd' (Value: `{"807302714":{"rw":2500,"rh":1075,"ow":2500,"oh":1075},"1098383817":{"rw":43,"rh":26,"ow":43,"oh":26 (677 characters omitted)' ) [file "/etc/nginx/modsec/coreruleset-3.3.4/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "858"] [id "942340"] [rev ""] [msg "Detects basic SQL authentication bypass attempts 3/3"] [data "Matched Data: "807302714":{" found within ARGS:rd: {"807302714":{"rw":2500,"rh":1075,"ow":2500,"oh":1075},"1098383817":{"rw":43,"rh":26,"ow":43,"oh":26},"1857610682":{"rw":750,"rh":205,"ow":750,"oh":2 (628 characters omitted)"] [severity "2"] [ver "OWASP_CRS/3.3.4"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS"] [tag "capec/1000/152/248/66"] [tag "PCI/6.5.2"] [tag "paranoia-level/2"] [hostname "10.10.10.2"] [uri "/ngx_pagespeed_beacon"] [unique_id "168487181857.638634"] [ref "o1,14v1028,777t:urlDecodeUni"]
ModSecurity: Warning. Matched "Operator `Rx' with parameter `(?i:[\"'`](?:\s*?(?:(?:\*.+(?:(?:an|i)d|between|like|x?or|div)\W*?[\"'`]|(?:between|like|x?or|and|div)\s[^\d]+[\w-]+.*?)\d|[^\w\s?]+\s*?[^\w\s]+\s*?[\"'`]|[^\w\s]+\s*?[\W\d].*?(?:--|#))|.*?\*\s*?\d)|[ (44 characters omitted)' against variable `ARGS:rd' (Value: `{"807302714":{"rw":2500,"rh":1075,"ow":2500,"oh":1075},"1098383817":{"rw":43,"rh":26,"ow":43,"oh":26 (677 characters omitted)' ) [file "/etc/nginx/modsec/coreruleset-3.3.4/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "917"] [id "942370"] [rev ""] [msg "Detects classic SQL injection probings 2/3"] [data "Matched Data: ":{" found within ARGS:rd: {"807302714":{"rw":2500,"rh":1075,"ow":2500,"oh":1075},"1098383817":{"rw":43,"rh":26,"ow":43,"oh":26},"1857610682":{"rw":750,"rh":205,"ow":750,"oh":205},"19738 (618 characters omitted)"] [severity "2"] [ver "OWASP_CRS/3.3.4"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS"] [tag "capec/1000/152/248/66"] [tag "PCI/6.5.2"] [tag "paranoia-level/2"] [hostname "10.10.10.2"] [uri "/ngx_pagespeed_beacon"] [unique_id "168487181857.638634"] [ref "o11,4v1028,777t:urlDecodeUni"]
ModSecurity: Warning. Matched "Operator `Rx' with parameter `((?:[~!@#\$%\^&\*\(\)\-\+=\{\}\[\]\|:;\"'\xc2\xb4\xe2\x80\x99\xe2\x80\x98`<>][^~!@#\$%\^&\*\(\)\-\+=\{\}\[\]\|:;\"'\xc2\xb4\xe2\x80\x99\xe2\x80\x98`<>]*?){12})' against variable `ARGS:rd' (Value: `{"807302714":{"rw":2500,"rh":1075,"ow":2500,"oh":1075},"1098383817":{"rw":43,"rh":26,"ow":43,"oh":26 (677 characters omitted)' ) [file "/etc/nginx/modsec/coreruleset-3.3.4/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "1145"] [id "942430"] [rev ""] [msg "Restricted SQL Character Anomaly Detection (args): # of special characters exceeded (12)"] [data "Matched Data: {"807302714":{"rw":2500,"rh":1075," found within ARGS:rd: {"807302714":{"rw":2500,"rh":1075,"ow":2500,"oh":1075},"1098383817":{"rw":43,"rh":26,"ow":43,"oh":26},"1857610682":{"rw":750,"rh (649 characters omitted)"] [severity "4"] [ver "OWASP_CRS/3.3.4"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS"] [tag "capec/1000/152/248/66"] [tag "PCI/6.5.2"] [tag "paranoia-level/2"] [hostname "10.10.10.2"] [uri "/ngx_pagespeed_beacon"] [unique_id "168487181857.638634"] [ref "o0,35o0,35v1028,777t:urlDecodeUni"]
ModSecurity: Access denied with code 403 (phase 2). Matched "Operator `Ge' with parameter `5' against variable `TX:ANOMALY_SCORE' (Value: `23' ) [file "/etc/nginx/modsec/coreruleset-3.3.4/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "81"] [id "949110"] [rev ""] [msg "Inbound Anomaly Score Exceeded (Total Score: 23)"] [data ""] [severity "2"] [ver "OWASP_CRS/3.3.4"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "10.10.10.2"] [uri "/ngx_pagespeed_beacon"] [unique_id "168487181857.638634"] [ref ""]
 
---vJW4uWev---J--
 
---vJW4uWev---K--
 
---vJW4uWev---Z--

Here are the corresponding contents of my Modsec_Debug.log: Modsec_debug.log.Part1 Modsec_debug.log.Part2 Modsec_debug.log.Part3 Modsec_debug.log.Part4 Modsec_debug.log.Part5

In my REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf custom rule exclusion file, I have the following rule exclusions:

SecRule REQUEST_URI "@streq /" \
    "id:1060,\
    phase:1,\
    pass,\
    nolog,\
    ctl:ruleRemoveById=920230,\
    ctl:ruleRemoveById=942430,\
    ctl:ruleRemoveById=949110"

SecRule REQUEST_URI "@streq /ngx_pagespeed_beacon" \
    "id:1061,\
    phase:1,\
    pass,\
    nolog,\
    ctl:ruleRemoveById=942200,\
    ctl:ruleRemoveById=942260,\
    ctl:ruleRemoveById=942340,\
    ctl:ruleRemoveById=942370,\
    ctl:ruleRemoveById=942430,\
    ctl:ruleRemoveById=949110"

But these exclusions still do not unblock the credit card checkout area under "Your order" on the site.

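It seems that something in my custom ModSecurity rules is not working, and I can't figure out the correct rule exclusions to unblock the WooCommerce payment options on the checkout page.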

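My question is: can someone look at my log files and tell me which rules I should exclude, and how I should exclude them? Can you explain why my current rules seem to have no effect? Any help is greatly appreciated!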
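
The exclusions above, rewritten as an added example (not part of the original post) for the same file: `REQUEST_URI` includes the query string, and both blocked requests in the audit log carry one (`/?wc-ajax=update_order_review` and `/ngx_pagespeed_beacon?url=…`), so the `@streq` tests in rules 1060 and 1061 never match, whereas `REQUEST_FILENAME` holds only the path. It removes just the flagged arguments (`ARGS:post_data`, `ARGS:rd`) from the rules named in the log and leaves 949110 in place so anomaly blocking still applies to everything else; it covers only the two transactions shown on this page.

```apache
# Added example, not from the original post. Rule IDs 1060/1061 are reused
# from the post; rule IDs and argument names come from the audit log above.

# WooCommerce checkout AJAX: POST /?wc-ajax=update_order_review
# REQUEST_FILENAME is the path without the query string, so "@streq /" can
# match here. The chained test limits the exclusion to this one AJAX action.
SecRule REQUEST_FILENAME "@streq /" \
    "id:1060,\
    phase:1,\
    pass,\
    t:none,\
    nolog,\
    chain"
    SecRule ARGS_GET:wc-ajax "@streq update_order_review" \
        "t:none,\
        ctl:ruleRemoveTargetById=920230;ARGS:post_data,\
        ctl:ruleRemoveTargetById=942430;ARGS:post_data"

# PageSpeed beacon: POST /ngx_pagespeed_beacon?url=...
# The JSON in the "rd" argument is what the 942xxx SQLi rules matched.
SecRule REQUEST_FILENAME "@streq /ngx_pagespeed_beacon" \
    "id:1061,\
    phase:1,\
    pass,\
    t:none,\
    nolog,\
    ctl:ruleRemoveTargetById=942200;ARGS:rd,\
    ctl:ruleRemoveTargetById=942260;ARGS:rd,\
    ctl:ruleRemoveTargetById=942340;ARGS:rd,\
    ctl:ruleRemoveTargetById=942370;ARGS:rd,\
    ctl:ruleRemoveTargetById=942430;ARGS:rd"

# 949110 (blocking evaluation) is deliberately not removed: with the
# false-positive targets excluded, the two logged requests no longer add the
# scores shown (6 and 23), while other payloads are still scored and blocked.
```

After reloading Nginx, a repeat of the checkout refresh should produce no `---H--` entries for these two requests; any rule ID that still appears there is a separate match that needs its own targeted exclusion.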
