modsecurity "Inbound Anomaly Score"

Question

I got a lot of this error in my logs for a site hosted by OVH shared PRO:

ModSecurity: Warning. 
Operator LT matched 20 at TX:inbound_anomaly_score.
[file "/usr/local/apache2/conf/modsecurity/base_rules/modsecurity_crs_60_correlation.conf"] 
[line "32"] 
[msg "Inbound Anomaly Score (Total Inbound Score: 2, SQLi=, XSS=): Pragma Header requires Cache-Control Header for HTTP/1.1 requests."]

It seems it comes from the WAF's conf. Does anybody know how to work around or fix those errors?

Recommended answer

The message you get is a typical message from ModSecurity when it blocks an incoming request due to a positive match in the Mod Security ruleset.

It seems your hoster uses the OWASP core ruleset for Mod Security, and the corresponding rule which throws the error is described as follows:

This chained rule first checks for the existence of a Pragma request header.  If it is found,
then it checks for a corresponding Cache-Control header (as the HTTP 1.1 RFC states clients should submit
one).  If this is also missing, then it verifies the HTTP protocol version.  If it is 1.1 then the rule

Generally this rule makes sense, since it blocks incoming requests which are not compliant with the HTTP RFC.

If you want to disable the rule, you can place the following into your webserver configuration (if your hoster allows you to edit your virtual hosts configuration):

SecRuleRemoveById 960020

Please note that with Mod Security 2.x it is not possible to disable rules by using .htaccess files. So you must
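
Added example (not part of the original answer, and not code from OVH or the core ruleset project): before removing a rule, it helps to see which messages actually drive the anomaly score. This Python script parses correlation entries in the format shown in the question and tallies them per triggering message; the sample lines are constructed, the second message is a placeholder, and reading the number after "Operator LT matched" as the value the score was compared against is an assumption based on that excerpt.

```python
import re
from collections import Counter

# Correlation entry format as shown in the question's log excerpt.
CORRELATION = re.compile(
    r'Operator (?P<op>[A-Z]+) matched (?P<operand>\d+) at TX:inbound_anomaly_score\.'
    r'.*?\[msg "Inbound Anomaly Score \(Total Inbound Score: (?P<total>\d+), '
    r'SQLi=(?P<sqli>\d*), XSS=(?P<xss>\d*)\): (?P<reason>.*?)"\]'
)

def parse_correlation(line):
    """Return the fields of one correlation entry, or None for any other line."""
    m = CORRELATION.search(line)
    if m is None:
        return None
    def num(s):
        return int(s) if s else 0  # an empty SQLi=/XSS= field is counted as 0
    return {"operator": m["op"], "operand": int(m["operand"]),
            "total": int(m["total"]), "sqli": num(m["sqli"]),
            "xss": num(m["xss"]), "reason": m["reason"]}

def summarize(lines):
    """Per triggering message: (message, number of entries, highest total score)."""
    counts, highest = Counter(), {}
    for line in lines:
        entry = parse_correlation(line)
        if entry is None:
            continue
        reason = entry["reason"]
        counts[reason] += 1
        highest[reason] = max(highest.get(reason, 0), entry["total"])
    return [(reason, n, highest[reason]) for reason, n in counts.most_common()]

PRAGMA = "Pragma Header requires Cache-Control Header for HTTP/1.1 requests."

def _sample(total, reason):
    # Builds a constructed log line (not real log data); file path shortened.
    return ('ModSecurity: Warning. Operator LT matched 20 at TX:inbound_anomaly_score. '
            '[file "modsecurity_crs_60_correlation.conf"] [line "32"] '
            f'[msg "Inbound Anomaly Score (Total Inbound Score: {total}, SQLi=, XSS=): {reason}"]')

SAMPLE = [_sample(2, PRAGMA), _sample(2, PRAGMA),
          _sample(5, "constructed placeholder message"), "constructed unrelated line"]

if __name__ == "__main__":
    for reason, n, top in summarize(SAMPLE):
        print(f"{n:3d}x  max score {top:2d}  {reason}")
```

A message that dominates the tally with a low total score and empty SQLi/XSS fields, as in the question, is a candidate for a targeted exception such as the SecRuleRemoveById line above rather than for turning the WAF off.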
