当我尝试保存包含某些可能类似于 SQL 查询的文本的文件时,出现 500 内部服务器错误。所以 ModSecurity 正在阻止它:
[client xxx.xxx.xxx.xxx] ModSecurity: Access denied with code 500 (phase 2). Pattern match "(insert[[:space:]]+into.+values|select.*from.+[a-z|A-Z|0-9]|select.+from|bulk[[:space:]]+insert|union.+select|convert.+\\\\(.*from)" at ARGS:description. [file "/usr/local/apache/conf/modsec2.user.conf"] [line "359"] [id "300016"] [rev "2"] [msg "Generic SQL injection protection"] [severity "CRITICAL"] [hostname "xxxxxxxxxxxxx.net"] [uri "/app/3/admin/modules/product/product_a.php"] [unique_id "TzvCxkPj2kkAAH4WkMwAAAAE"]
因此,我在文件夹/app/3/admin/modules/product/上创建了一个 .htaccess 文件
<IfModule mod_security.c>
SecFilterRemove 300015
SecFilterRemove 300016
</IfModule>
但这也不能解决问题。我仍然收到 500 代码,其中包含 apache 日志文件中的日志条目。
知道为什么这可能不起作用吗?
最佳答案
问题真的是文件的保存吗?我觉得很难想象,因为这根本不是 Apache 的管辖范围。难道不是查询字符串中的查询造成了麻烦吗?
您也许能够规避这一点,例如通过对查询进行 Base64 编码(如果 33% 的大小增加不能测试 URL 的大小限制),或者将查询存储在 session 变量中并仅传递指向该变量的唯一随 secret 钥。
Edit: if you're really transmitting live SQL queries that you later execute - don't do it. It's exactly the reason why this mod_security filter exists.
either way, phpMyAdmin, a database management tool, has the same problem: It transmits live queries for running. There is a number of posts dealing with phpMyAdmin and mod_security. This one suggests a number of other filter IDs to disable. (Ideally, you would do this only for the one file that needs to receive the POST data.)
关于php - 通过 .htaccess 删除 modsecurity 规则,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/9295428/