ModSecurity:访问被拒绝，代码为 403 &检测到 SQL 注入 [英] ModSecurity: Access denied with code 403 & SQL injection Detected

问题描述

我有一个试图保存信息但被阻止的 wordpress 插件.这可能是误报，我不确定.如何启用一个特定插件来绕过导致它被阻止的任何规则?

I have a wordpress plugin that is attempting to save information but is being blocked. This may be a false positive I'm not sure. How can I enable one specific plugin to bypass whatever rule is causing it to be blocked?

以下是我的主机向我抛出的错误代码.

Below is the error code my host is throwing at me.

[Tue Sep 29 08:50:45 2015] [error] [client xxx.xxx.xxx.xxx] ModSecurity:访问被拒绝，代码为 403(第 2 阶段).操作员 GT 在 TX:sql_injection_score 匹配 15.[文件/etc/httpd/modsecurity.d/modsecurity_crs_49_inbound_blocking.conf"] [行51"] [id4049002"] [msg检测到SQL注入(得分20):检测到XSS攻击"] [主机名xxxxx.com"] [uri "/wp-admin/admin.php"] [unique_id "VgqJJWjP6lgAAEaaTogAAAAZ"]

这是一个已经存在的插件.它被称为 WP Social Invitations - wordpress.org/plugins/wp-social-invitations 老实说，大部分内容都在我的脑海中.我不确定我什至需要向您展示什么代码.开发者告诉我他们使用wordpress默认的wp_options表来存储数据，所以应该不会出现这个错误

It's an already existing plugin. It is called WP Social Invitations - wordpress.org/plugins/wp-social-invitations To be completely honest most of this is above my head. I'm not sure what code I would even need to show you. The developer told me that they use the wordpress default wp_options table to store data, so this error shouldn't occur

推荐答案

要在此处查看有关 ModSecurity 的更多信息的开始视图:"ModSecurity 访问被拒绝"在日志中.我不明白它在告诉我什么.我应该担心吗?

For a start view here to see some more information about ModSecurity: "ModSecurity Access Denied" in logs. I don't understand what its telling me.. Should I be concerned?

您给出的错误表明，出于某种原因，ModSecurity 标记了请求并阻止了它.

The error you've given shows that, for some reason, ModSecurity has flagged the request and blocked it.

触发的规则 (4049002) 表示已超过阈值.这一定意味着之前的规则已经设置了该变量.因此，您需要向我们提供有关设置 sql_injection_score 的先前错误的详细信息 - 大概在您所提供的错误的正上方.

The rule that has fired (4049002) is saying that a threshold has been passed. This must mean previous rule(s) have set that variable. So you need to give us the details on the previous errors that have set the sql_injection_score - presumably on the lines just above the one you've given.

或者，您可以将以下配置添加到您的 Apache 配置(例如 .htaccess 文件)中以完全防止触发此规则:

Alternatively, you could just add the following config to your Apache config (e.g. .htaccess file) to prevent this rule firing at all:

SecRuleRemoveByID 4049002

然而，这会消除规则为您提供的 SQL 注入攻击的保护.因此，更好的选择是找到导致此问题发生的原始规则，并查看您是否可以仅将其原因列入白名单，而不是将整个规则全面列入白名单.

However this removes the protection that rule gives you for SQL injection attacks. So the better option is to find the original rule(s) that caused this to fire and to see if you can whitelist just the cause of that, rather than the blanket whitelisting of this entire rule.

这篇关于ModSecurity:访问被拒绝，代码为 403 &检测到 SQL 注入的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！