svetogor82 Posted May 22, 2023 Доброе время суток у меня есть ложные срабатывание пытаюсь на них сделать исключения и с что то не выходит делаю исключения в nginx location /ocs/v2.php { modsecurity_rules ' SecRuleRemoveById 949110 920170 '; } и всё рано вижу блокировку ---zMWl5NSy---H-- ModSecurity: Warning. Matched "Operator `Rx' with parameter `^0?$' against variable `REQUEST_HEADERS:Content-Length' (Value: `17' ) [file "/etc/nginx/modsec/coreruleset-3.3.4/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "162"] [id "920170"] [rev ""] [msg "GET or HEAD Request with Body Content"] [data "17"] [severity "2"] [ver "OWASP_CRS/3.3.4"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "172.16.1.55"] [uri "/ocs/v2.php/apps/user_status/api/v1/heartbeat"] [unique_id "168473616779.455359"] [ref "o0,3v0,3v468,2"] ModSecurity: Access denied with code 403 (phase 2). Matched "Operator `Ge' with parameter `5' against variable `TX:ANOMALY_SCORE' (Value: `5' ) [file "/etc/nginx/modsec/coreruleset-3.3.4/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "81"] [id "949110"] [rev ""] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [data ""] [severity "2"] [ver "OWASP_CRS/3.3.4"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "172.16.1.55"] [uri "/ocs/v2.php/apps/user_status/api/v1/heartbeat"] [unique_id "168473616779.455359"] [ref ""] подскажите как правильно делать исключения Share this post Link to post Share on other sites More sharing options...
