Modsecurity 阻止了我的合法 XHR POST 请求(403 禁止)

tag-icon tag-icon nginx mod-security
Modsecurity 阻止了我的合法 XHR POST 请求(403 禁止)

我对 modsecurity 主题还不熟悉,所以答案可能很简单,但是......

我在新的 nginx/1.24.0 服务器上设置了 modsecurity,并使用了一组默认的推荐规则:coreruleset-3.3.0,从那时起我的 POST XHR 请求就被阻止了。这是一个基本的 Laravel/Livewire 表单。

modsecurity 发送和记录的标头如下所示:

POST /livewire/update HTTP/2.0
content-type: application/json
origin: https://example.com
referer: https://example.com/en
pragma: no-cache
accept-encoding: gzip, deflate, br
cookie: XSRF-TOKEN=eyJpdiI6IkJVTXpEK01rYTRYVFI1aGxjOE9T...
content-length: 540
accept-language: it-IT,it;q=0.8,en-US;q=0.5,en;q=0.3
te: trailers
accept: */*
cache-control: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
sec-fetch-site: same-origin
sec-fetch-dest: empty
authorization: Basic Y2Z0cmFbjpjmdG9u
host: example.com
sec-fetch-mode: no-cors

日志报告:

  1. “Content-Length HTTP 标头不是数字” - 但对我来说“540”看起来是数字!
ModSecurity: Warning. Matched "Operator `Rx' with parameter `^\d+$' against variable `REQUEST_HEADERS:content-length' (Value: `540' ) 
[file "/etc/nginx/modsec/coreruleset-3.3.0/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] 
[line "127"] 
[id "920160"] 
[msg "Content-Length HTTP header is not numeric"] 
[data "540"] 
[severity "2"]
  1. “非法的 Content-Type 标头”——“application/json”怎么会是非法的?
ModSecurity: Warning. Matched "Operator `Rx' with parameter `^[\w/.+-]+(?... against variable `REQUEST_HEADERS:content-type' (Value: `application/json' ) 
[file "/etc/nginx/modsec/coreruleset-3.3.0/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] 
[line "915"] 
[id "920470"] 
[rev ""] 
[msg "Illegal Content-Type header"] 
[data "application/json"] 
[severity "2"]
  1. “无效的 HTTP 请求行” - 这个“POST /livewire/update HTTP/2.0”有什么无效之处?
ModSecurity: Warning. Matched "Operator `Rx' with parameter `^(?i:(?:[a-... against variable `REQUEST_LINE' (Value: `POST /livewire/update HTTP/2.0' ) 
[file "/etc/nginx/modsec/coreruleset-3.3.0/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] 
[line "47"] 
[id "920100"] 
[msg "Invalid HTTP Request Line"] 
[data "POST /livewire/update HTTP/2.0"]

..然后请求被阻止

ModSecurity: Access denied with code 403 (phase 2). Matched "Operator `Ge' with parameter `5' against variable `TX:ANOMALY_SCORE' (Value: `13' ) 
[file "/etc/nginx/modsec/coreruleset-3.3.0/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] 
[line "80"] 
[id "949110"] 
[msg "Inbound Anomaly Score Exceeded (Total Score: 13)"] 
[data ""] 
[severity "2"]

所以我感到非常惊讶,我不知道我能做些什么,因为这些规则看起来合法,但我也不想违反任何一条。

相关内容