{"id":773,"date":"2022-04-18T15:06:34","date_gmt":"2022-04-18T07:06:34","guid":{"rendered":"https:\/\/blog.espnlol.com\/?p=773"},"modified":"2022-04-20T18:48:10","modified_gmt":"2022-04-20T10:48:10","slug":"nginx-modsecurity%e8%a7%84%e5%88%99%e5%bc%95%e5%8f%91%e7%9a%84%e4%b8%80%e4%ba%9b%e9%97%ae%e9%a2%98","status":"publish","type":"post","link":"https:\/\/blog.espnlol.com\/?p=773","title":{"rendered":"nginx modsecurity\u89c4\u5219\u5f15\u53d1\u7684\u4e00\u4e9b\u95ee\u9898"},"content":{"rendered":"\n<h2 class=\"wp-block-heading\">\u4e00\u3001WordPress\u65e0\u6cd5\u4e0a\u4f20<\/h2>\n\n\n\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">#\u65e5\u5fd7\u62a5\u9519\u4fe1\u606f\n{\"transaction\":{\"client_ip\":\"111.120.147.157\",\"time_stamp\":\"Mon Apr 18 14:44:27 2022\",\"server_id\":\"59dc9f7d04897c359fe52b02d661b77ba2fb97ec\",\"client_port\":2065,\"host_ip\":\"111.120.147.167\",\"host_port\":443,\"unique_id\":\"1650264267\",\"request\":{\"method\":\"POST\",\"http_version\":1.1,\"uri\":\"\/index.php?rest_route=%2Fwp%2Fv2%2Fposts%2F771&amp;_locale=user\",\"headers\":{\"X-WP-Nonce\":\"2a6c6c438f\",\"Content-Type\":\"application\/json\",\"User-Agent\":\"Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/100.0.4896.88 Safari\/537.36\",\"Sec-Fetch-Site\":\"same-origin\",\"sec-ch-ua-mobile\":\"?0\",\"Origin\":\"https:\/\/blog.espnlol.com\",\"X-HTTP-Method-Override\":\"PUT\",\"Accept\":\"application\/json, *\/*;q=0.1\",\"sec-ch-ua\":\"\\\" Not A;Brand\\\";v=\\\"99\\\", \\\"Chromium\\\";v=\\\"100\\\", \\\"Google 
Chrome\\\";v=\\\"100\\\"\",\"sec-ch-ua-platform\":\"\\\"macOS\\\"\",\"Referer\":\"https:\/\/blog.espnlol.com\/wp-admin\/post.php?post=771&amp;action=edit\",\"Content-Length\":\"1288\",\"Connection\":\"keep-alive\",\"Sec-Fetch-Mode\":\"cors\",\"Host\":\"blog.espnlol.com\",\"Sec-Fetch-Dest\":\"empty\",\"Accept-Encoding\":\"gzip, deflate, br\",\"Cookie\":\"wordpress_logged_in_08062b8c63e7assdfasdfasdfasdf97888da8eafd339=asdfsadfsadf%7C1641806981%7CBySIIywdeCyglVJ6ExK9dUodceoiNModwP4JR4w1473%7C9cc60ed2b95252351ae1d6bdecasdfasdfsadfsdfsadf6b57e92693fd30fa; wordpress_test_cookie=WP%20Cookie%20check; wp_lang=zh_CN; wordpress_logged_in_b574904b4eac1f7594a2f13e115ceb10=asdfasdfsdfsdf%7C1650433949%7CCsIEzuxWWsadfasdfasdfasdfxuEasvnXZ2iz6KCvw7%7Ce2b13836871cd8c8ca3b61a7efc0dd0a0929dac5f37cde26cc197102a0dc3fb5; wp-settings-1=uploader%3D1%26ampampeditor%3Dtinymce%26ampaasdfsadfasdfad%26ampampimgsize%3Dfull%26ampamphidetb%3D1%26ampampposts_list_mode%3Dlist%26ampamppost_dfw%3Doff%26ampampeditor_plain_text_paste_warning%3D1%26ampampmfold%3Do; wp-settings-time-1=1650261150\",\"Accept-Language\":\"zh-CN,zh;q=0.9,en;q=0.8\"}},\"response\":{\"body\":\"&lt;html>\\r\\n&lt;head>&lt;title>405 Not Allowed&lt;\/title>&lt;\/head>\\r\\n&lt;body>\\r\\n&lt;center>&lt;h1>405 Not Allowed&lt;\/h1>&lt;\/center>\\r\\n&lt;hr>&lt;center>nginx\/1.20.2&lt;\/center>\\r\\n&lt;\/body>\\r\\n&lt;\/html>\\r\\n&lt;!-- a padding to disable MSIE and Chrome friendly error page -->\\r\\n&lt;!-- a padding to disable MSIE and Chrome friendly error page -->\\r\\n&lt;!-- a padding to disable MSIE and Chrome friendly error page -->\\r\\n&lt;!-- a padding to disable MSIE and Chrome friendly error page -->\\r\\n&lt;!-- a padding to disable MSIE and Chrome friendly error page -->\\r\\n&lt;!-- a padding to disable MSIE and Chrome friendly error page -->\\r\\n\",\"http_code\":405,\"headers\":{\"Server\":\"nginx\/1.20.2\",\"Date\":\"Mon, 18 Apr 2022 06:44:27 
GMT\",\"Content-Length\":\"559\",\"Content-Type\":\"text\/html\",\"Connection\":\"keep-alive\"}},\"producer\":{\"modsecurity\":\"ModSecurity v3.0.6 (Linux)\",\"connector\":\"ModSecurity-nginx v1.0.2\",\"secrules_engine\":\"Enabled\",\"components\":[\"OWASP_CRS\/3.4.0-dev\\\"\"]},\"messages\":[{\"message\":\"Argument value too long\",\"details\":{\"match\":\"Matched \\\"Operator `Gt' with parameter `200' against variable `ARGS:json.content' (Value: `&lt;!-- wp:heading -->\\\\x0a&lt;h2>\\\\xe5\\\\x9f\\\\xba\\\\xe4\\\\xba\\\\x8edocker\\\\xe5\\\\xae\\\\x89\\\\xe8\\\\xa3\\\\x85\\\\xe5\\\\xae\\\\x8cnextclo (2361 characters omitted)' )\",\"reference\":\"v13,1213t:length\",\"ruleId\":\"920370\",\"file\":\"\/etc\/modsecurity.d\/owasp-crs\/rules\/REQUEST-920-PROTOCOL-ENFORCEMENT.conf\",\"lineNumber\":\"828\",\"data\":\"ARGS:json.content=1213\",\"severity\":\"2\",\"ver\":\"OWASP_CRS\/3.4.0-dev\",\"rev\":\"\",\"tags\":[\"application-multi\",\"language-multi\",\"platform-multi\",\"attack-protocol\",\"paranoia-level\/1\",\"OWASP_CRS\",\"capec\/1000\/210\/272\"],\"maturity\":\"0\",\"accuracy\":\"0\"}}]}}\n\n#\u901a\u8fc7\u4e0a\u8ff0\u53ef\u4ee5\u770b\u51fa\u89c4\u5219\u914d\u7f6eREQUEST-920-PROTOCOL-ENFORCEMENT.conf\u4e2d\u7684920370rule\u963b\u65ad\u4e86\u8bf7\u6c42\nSecRule &amp;TX:ARG_LENGTH \"@eq 1\" \\\n    \"id:920370,\\\n    phase:2,\\\n    block,\\  ---> \u4fee\u6539\u4e3apass\u5373\u53ef（注意：这样改会对所有请求生效，而不仅是 WordPress 编辑器的保存请求，且直接修改 CRS 规则文件会在升级时被覆盖；更稳妥的做法是在 crs-setup.conf 中调大 tx.arg_length，或只针对该 REST 路径的 ARGS:json.content 做规则排除）\n    t:none,\\\n    msg:'Argument value too long',\\\n    logdata:'%{MATCHED_VAR_NAME}=%{MATCHED_VAR}',\\\n    tag:'application-multi',\\\n    tag:'language-multi',\\\n    tag:'platform-multi',\\\n    tag:'attack-protocol',\\\n    tag:'paranoia-level\/1',\\\n    tag:'OWASP_CRS',\\\n    tag:'capec\/1000\/210\/272',\\\n    ver:'OWASP_CRS\/3.4.0-dev',\\\n    severity:'CRITICAL',\\\n    chain\"\n    SecRule ARGS \"@gt %{tx.arg_length}\" \\\n        \"t:none,t:length,\\\n        setvar:'tx.anomaly_score_pl1=+%{tx.critical_anomaly_score}'\"<\/pre>\n\n\n\n<h2 
class=\"wp-block-heading\">\u4e8c\u3001nextcloud\u65e0\u6cd5\u6253\u5f00\u56fe\u7247\u53ca\u6587\u4ef6\u6d4f\u89c8<\/h2>\n\n\n\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">#\u65e5\u5fd7\u62a5\u9519\u4fe1\u606f\n{\"transaction\":{\"client_ip\":\"111.120.147.157\",\"time_stamp\":\"Mon Apr 18 13:28:52 2022\",\"server_id\":\"2cfe5f887cb2c23a7d43f5cad97bfe6480614d5d\",\"client_port\":2181,\"host_ip\":\"111.120.147.167\",\"host_port\":8443,\"unique_id\":\"1650259732\",\"request\":{\"method\":\"SEARCH\",\"http_version\":1.1,\"uri\":\"\/remote.php\/dav\/\",\"headers\":{\"Depth\":\"infinity\",\"Origin\":\"https:\/\/pan.smszhd.com:8443\",\"requesttoken\":\"asdfasdfasdfasdfasdffGhlMvzEIp9VN8XTs=:dfsadfsadfNUCvWKMnn\/CbhiSy9HCF7z9VtikRnSsqdkg=\",\"Content-Type\":\"text\/xml\",\"Accept-Encoding\":\"gzip, deflate, br\",\"Cookie\":\"__Host-nc_sameSiteCookielax=true; __Host-nc_sameSiteCookiestrict=true; oc0djgsvdlxg=asdfsdfsfc19b4638239b34f4eaca; oc_sessionPassphrase=lUIC79%2Bc7fr1oB2BST428Ys2DUBmJcGG%2FODUOpO%2F1RbTln%2BNxchinZIDrUffEsE9I8APhecA%2FhJVFoX4gdWsf%2Bar4VwkuRWnh5mlr%2F0%2Fcab%2FBasdfsdfasdf; nc_username=sadfasdf; nc_token=yWdPRU0IDJbVasdfsadfasdfasdf; nc_session_id=0198d3def292c19b4638239b34f4eaca\",\"Content-Length\":\"1583\",\"Accept-Language\":\"zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2\",\"Accept\":\"text\/plain\",\"Cache-Control\":\"max-age=0\",\"User-Agent\":\"Mozilla\/5.0 (Macintosh; Intel Mac OS X 10.15; rv:99.0) Gecko\/20100101 Firefox\/99.0\",\"Sec-Fetch-Site\":\"same-origin\",\"Sec-Fetch-Dest\":\"empty\",\"Host\":\"pan.smszhd.com:8443\",\"Sec-Fetch-Mode\":\"cors\",\"Connection\":\"keep-alive\"}},\"response\":{\"body\":\"\",\"http_code\":405,\"headers\":{}},\"producer\":{\"modsecurity\":\"ModSecurity v3.0.6 (Linux)\",\"connector\":\"ModSecurity-nginx 
v1.0.2\",\"secrules_engine\":\"Enabled\",\"components\":[\"OWASP_CRS\/3.4.0-dev\\\"\"]},\"messages\":[{\"message\":\"Method is not allowed by policy\",\"details\":{\"match\":\"Matched \\\"Operator `Within' with parameter `GET POST PUT' against variable `REQUEST_METHOD' (Value: `SEARCH' )\",\"reference\":\"v0,6\",\"ruleId\":\"911100\",\"file\":\"\/etc\/modsecurity.d\/owasp-crs\/rules\/REQUEST-911-METHOD-ENFORCEMENT.conf\",\"lineNumber\":\"28\",\"data\":\"SEARCH\",\"severity\":\"2\",\"ver\":\"OWASP_CRS\/3.4.0-dev\",\"rev\":\"\",\"tags\":[\"application-multi\",\"language-multi\",\"platform-multi\",\"attack-generic\",\"paranoia-level\/1\",\"OWASP_CRS\",\"capec\/1000\/210\/272\/220\/274\",\"PCI\/12.1\"],\"maturity\":\"0\",\"accuracy\":\"0\"}}]}}\n\n#\u901a\u8fc7\u4e0a\u8ff0\u53ef\u4ee5\u770b\u51fa\u89c4\u5219\u914d\u7f6eREQUEST-911-METHOD-ENFORCEMENT.conf\u4e2d\u7684911100rule\u963b\u65ad\u4e86\u8bf7\u6c42,\u6253\u5f00\u89c4\u5219\u5e93REQUEST-903.9003-NEXTCLOUD-EXCLUSION-RULES.conf\uff0c\u65b0\u589e\u4e0b\u9762\u914d\u7f6e（注意：下面 SecAction 的 id:911100 与 REQUEST-911-METHOD-ENFORCEMENT.conf 中已有规则的 id 相同，而 ModSecurity 要求规则 id 唯一，建议改用自己保留范围内未占用的 id；tx.crs_exclusions_nextcloud 通常在 crs-setup.conf 中设置，而不是直接改规则库文件，以免升级时被覆盖）\nSecAction \\\n    \"id:911100,\\\n    phase:1,\\\n    nolog,\\\n    pass,\\\n    t:none,\\\n    setvar:tx.crs_exclusions_nextcloud=1\"<\/pre>\n","protected":false},"excerpt":{"rendered":"<p>\u4e00\u3001WordPress\u65e0\u6cd5\u4e0a\u4f20 
\u4e8c\u3001nextcloud\u65e0\u6cd5\u6253\u5f00\u56fe\u7247\u53ca\u6587\u4ef6\u6d4f\u89c8<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[],"class_list":["post-773","post","type-post","status-publish","format-standard","hentry","category-nginx"],"_links":{"self":[{"href":"https:\/\/blog.espnlol.com\/index.php?rest_route=\/wp\/v2\/posts\/773","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.espnlol.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.espnlol.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.espnlol.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.espnlol.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=773"}],"version-history":[{"count":2,"href":"https:\/\/blog.espnlol.com\/index.php?rest_route=\/wp\/v2\/posts\/773\/revisions"}],"predecessor-version":[{"id":787,"href":"https:\/\/blog.espnlol.com\/index.php?rest_route=\/wp\/v2\/posts\/773\/revisions\/787"}],"wp:attachment":[{"href":"https:\/\/blog.espnlol.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=773"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.espnlol.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=773"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.espnlol.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=773"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}