使用 http://hostname 从另一台计算机访问 apache 有效,但 http://ipaddress 给出 403 forbidden
accessing apache from another computer using http://hostname works but http://ipaddress gives 403 forbidden
我在 windows 10 上使用 Apache 版本 2.4.7 (Ubuntu) [IP: 192.168.1.10] 安装了 WSL 运行,从IP:192.168.1.107 使用 http://192.168.1.10, however, http://mmtserver 有效。当我从 .107 ping mmtserver 时,它给了我来自 fe80::65a5:53a6:cf99:5644%6 [也许是 IPv6 问题?] 的回复。我已经尝试了一些关于允许、拒绝和允许所有更改的更改,但继续提出 403。我用谷歌搜索并搜索了类似的 Whosebug 403 问题,但似乎找不到适合我的解决方案。有什么建议吗?
以下是 /etc/hosts、/etc/apache2/apache.conf、/etc/apache2/enabled-sites/000-default.conf 和 /etc/apache2/ports.conf.
的一些相关摘录
/etc/hosts
127.0.0.1 localhost
192.168.1.10 mmtserver
/etc/apache2/apache2.conf
ServerName 192.168.1.10:80
<Directory />
Options Indexes FollowSymLinks Includes ExecCGI
AllowOverride None
Require all granted
</Directory>
<Directory /usr/share>
AllowOverride None
Require all granted
</Directory>
<Directory /var/www/>
Options Indexes FollowSymLinks Includes ExecCGI
AllowOverride All
Require all granted
</Directory>
/etc/apache2/ports.conf
Listen 192.168.1.10:80
/etc/apache2/sites-enabled/000-default
<VirtualHost 192.168.1.10:80>
DocumentRoot "/var/www/html"
ServerName 192.168.1.10:80
<Directory />
Options Indexes Multiviews FollowSymLinks
AllowOverride None
Require all granted
</Directory>
</VirtualHost>
/var/log/apache2/error_log
[Thu Mar 15 08:01:14.560826 2018] [:error] [pid 848] [client 192.168.1.107] ModSecurity: Access denied with code 403 (phase 2). Pattern match "^[\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/base_rules/modsecurity_crs_21_protocol_anomalies.conf"] [line "98"] [id "960017"] [rev "2"] [msg "Host header is a numeric IP address"] [data "192.168.1.10"] [severity "WARNING"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [tag "http://technet.microsoft.com/en-us/magazine/2005.01.hackerbasher.aspx"] [hostname "192.168.1.10"] [uri "/favicon.ico"] [unique_id "Wqpumn8AAQEAAANQZyMAAAAA"]
在 /usr/share/modsecurity-crs/base_rules/modsecurity_crs_21_protocol_anomalies.conf
中注释掉第 98 行
#SecRule REQUEST_HEADERS:Host "^[\d.:]+$" "phase:2,rev:'2',ver:'OWASP_CRS/2.2.8',maturity:'9',accuracy:'9',t:none,block,msg:'Host header is a numeric IP address',logdata:'%{matched_var}',severity:'4',id:'960017',tag:'OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST',tag:'WASCTC/WASC-21',tag:'OWASP_TOP_10/A7',tag:'PCI/6.5.10',tag:'http://technet.microsoft.com/en-us/magazine/2005.01.hackerbasher.aspx',setvar:'tx.msg=%{rule.msg}',setvar:tx.anomaly_score=+%{tx.warning_anomaly_score},setvar:tx.%{rule.id}-OWASP_CRS/POLICY/IP_HOST-%{matched_var_name}=%{matched_var}"
重新启动了 apache2,http://ipaddress 现在工作了
我在 windows 10 上使用 Apache 版本 2.4.7 (Ubuntu) [IP: 192.168.1.10] 安装了 WSL 运行,从IP:192.168.1.107 使用 http://192.168.1.10, however, http://mmtserver 有效。当我从 .107 ping mmtserver 时,它给了我来自 fe80::65a5:53a6:cf99:5644%6 [也许是 IPv6 问题?] 的回复。我已经尝试了一些关于允许、拒绝和允许所有更改的更改,但继续提出 403。我用谷歌搜索并搜索了类似的 Whosebug 403 问题,但似乎找不到适合我的解决方案。有什么建议吗?
以下是 /etc/hosts、/etc/apache2/apache.conf、/etc/apache2/enabled-sites/000-default.conf 和 /etc/apache2/ports.conf.
的一些相关摘录/etc/hosts
127.0.0.1 localhost
192.168.1.10 mmtserver
/etc/apache2/apache2.conf
ServerName 192.168.1.10:80
<Directory />
Options Indexes FollowSymLinks Includes ExecCGI
AllowOverride None
Require all granted
</Directory>
<Directory /usr/share>
AllowOverride None
Require all granted
</Directory>
<Directory /var/www/>
Options Indexes FollowSymLinks Includes ExecCGI
AllowOverride All
Require all granted
</Directory>
/etc/apache2/ports.conf
Listen 192.168.1.10:80
/etc/apache2/sites-enabled/000-default
<VirtualHost 192.168.1.10:80>
DocumentRoot "/var/www/html"
ServerName 192.168.1.10:80
<Directory />
Options Indexes Multiviews FollowSymLinks
AllowOverride None
Require all granted
</Directory>
</VirtualHost>
/var/log/apache2/error_log
[Thu Mar 15 08:01:14.560826 2018] [:error] [pid 848] [client 192.168.1.107] ModSecurity: Access denied with code 403 (phase 2). Pattern match "^[\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/base_rules/modsecurity_crs_21_protocol_anomalies.conf"] [line "98"] [id "960017"] [rev "2"] [msg "Host header is a numeric IP address"] [data "192.168.1.10"] [severity "WARNING"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [tag "http://technet.microsoft.com/en-us/magazine/2005.01.hackerbasher.aspx"] [hostname "192.168.1.10"] [uri "/favicon.ico"] [unique_id "Wqpumn8AAQEAAANQZyMAAAAA"]
在 /usr/share/modsecurity-crs/base_rules/modsecurity_crs_21_protocol_anomalies.conf
中注释掉第 98 行#SecRule REQUEST_HEADERS:Host "^[\d.:]+$" "phase:2,rev:'2',ver:'OWASP_CRS/2.2.8',maturity:'9',accuracy:'9',t:none,block,msg:'Host header is a numeric IP address',logdata:'%{matched_var}',severity:'4',id:'960017',tag:'OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST',tag:'WASCTC/WASC-21',tag:'OWASP_TOP_10/A7',tag:'PCI/6.5.10',tag:'http://technet.microsoft.com/en-us/magazine/2005.01.hackerbasher.aspx',setvar:'tx.msg=%{rule.msg}',setvar:tx.anomaly_score=+%{tx.warning_anomaly_score},setvar:tx.%{rule.id}-OWASP_CRS/POLICY/IP_HOST-%{matched_var_name}=%{matched_var}"
重新启动了 apache2,http://ipaddress 现在工作了