I am reading Folini's excellent Apache ModSecurity tutorial.
I am trying to set up a runtime exclusion rule that disables rule 920420 (Request content type is not allowed by policy), but only for requests to a certain subdirectory, e.g.
/path/to/allow/
/path/to/allow/one
/path/to/allow/two
So I came up with this:
SecRule REQUEST_FILENAME "@beginsWith /path/to/allow/" "phase:1,nolog,pass,id:10001,ctl:ruleRemoveTargetById=920420"
But it does not work; in the Apache error_log I still see
[Thu Oct 19 08:56:20.210636 2023] [:error] [pid 1024043:tid 140057339950848] [client x.x.x.x:0] [client x.x.x.x] ModSecurity: Warning. Match of "within %{tx.allowed_request_content_type}" against "TX:content_type" required. [file "/etc/httpd/modsecurity.d/activated_rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "957"] [id "920420"] [msg "Request content type is not allowed by policy"] [data "|application/csp-report|"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.4"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153"] [tag "PCI/12.1"] [hostname "xxx.xxx.xxx"] [uri "/path/to/allow/one"] [unique_id "ZTDTFFJD7si4Et@hbb2tdwAAANc"]
Right before that log entry, a missing target for ID "920420" is reported. This looks like a ModSecurity internal error, but I could not find any information about it online:
[Thu Oct 19 08:56:20.207372 2023] [:error] [pid 982022:tid 140057348343552] [client x.x.x.x:0] [client x.x.x.x] ModSecurity: ModSecurity: Missing target for id "920420" [hostname "xxx.xxx.xxx"] [uri "/path/to/allow/one"] [unique_id "ZTDTFJGGmUw09aDzrMRLvQAAABY"]
Why does my rule exclusion not work?
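As an added example (not part of the question above, and not taken from Folini's tutorial or the CRS), here are the two ctl forms side by side: ruleRemoveById, which takes only a rule id, and ruleRemoveTargetById, which takes RULEID;VARIABLE and is what the posted rule used without a variable. The path and id 10001 are from the question; id 10002 and the file placement are assumptions. Use one form or the other, not both.

```apache
# Added example, not code from the question. Put this in a file that is
# included BEFORE the CRS rule files (the REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf
# slot, assumed here): a ctl action only affects rules evaluated after the
# rule that carries it, and 920420 is a phase:1 rule.

# Form 1: drop rule 920420 entirely for the subtree. ruleRemoveById takes
# only the rule id, which is what the posted rule was trying to express.
SecRule REQUEST_FILENAME "@beginsWith /path/to/allow/" \
    "id:10001,\
    phase:1,\
    pass,\
    nolog,\
    ctl:ruleRemoveById=920420"

# Form 2 (alternative): keep the rule but remove one variable from it.
# ruleRemoveTargetById requires RULEID;VARIABLE. Without the VARIABLE part
# ModSecurity logs 'Missing target for id "920420"' and removes nothing.
# Which variable to strip depends on the rule's own variable list in the
# CRS version in use; REQUEST_HEADERS:Content-Type is assumed here.
# The id 10002 is an assumption.
SecRule REQUEST_FILENAME "@beginsWith /path/to/allow/" \
    "id:10002,\
    phase:1,\
    pass,\
    nolog,\
    ctl:ruleRemoveTargetById=920420;REQUEST_HEADERS:Content-Type"
```

After adding either rule, check the configuration with `httpd -t` (or `apachectl -t`), reload, send a request with the previously blocked Content-Type to /path/to/allow/one, and confirm that neither the 920420 warning nor the "Missing target" line appears in error_log, while the same request outside /path/to/allow/ still triggers 920420.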