ModSecurity的CSRF规则警报 [英] ModSecurity CSRF rule alert
问题描述
我已经安装了OWASP的ModSecurity,之后在我的应用程序的所有页面都有这个规则警报。
I have installed Owasp ModSecurity, after that all pages on my application have this rule alert.
ModSecurity: Warning. Match of "eq 1" against "&ARGS:CSRF_TOKEN" required.
[file "/etc/modsecurity/activated_rules/modsecurity_crs_43_csrf_protection.conf"]
[line "31"]
[id "981143"]
[msg "CSRF Attack Detected - Missing CSRF Token."]
我也试图创建一个空白php文件只是为了检查,显示同样的规则警报。
从这一点上,我认为这个问题是不是code水平了。
I also tried to create a blank php file just to check, same rule alert is shown.
From this point I assume that the problem is not code level any more.
下面是源$ C $ C的<一个href=\"https://github.com/SpiderLabs/owasp-modsecurity-crs/blob/master/optional_rules/modsecurity_crs_43_csrf_protection.conf\"相对=nofollow> modsecurity_crs_43_csrf_protection.conf
Here is the source code for modsecurity_crs_43_csrf_protection.conf
如何解决这个问题?任何想法
Any idea on how to solve this problem?
推荐答案
这是检查你的应用程序以确保您正在使用的所有网页上CRSF令牌。因为你要code令牌到表单中的空白php文件将失败此项检查。
It's checking your application to ensure that you're using CRSF tokens on all pages. A blank php file will fail this check because you have to code the token into the form.
CRSF令牌用于验证回发从Web表单从表单的页面,而不是从攻击者来了。有关于这个维基百科的更多信息:跨站请求伪造
CRSF tokens are used to validate a postback from a web form came from your form in the page and not from an attacker. There is more information on this on Wikipedia: Cross-site request forgery
您的选项有:
- 实施CRSF在应用程序检查和提供令牌。
- 停止了ModSecurity通过删除链接从activated_rules目录modsecurity_crs_43_csrf_protection.conf这个问题检查。这是/ usr /本地/ Apache / conf目录/ CRS /默认activated_rules
这篇关于ModSecurity的CSRF规则警报的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
