更新 ModSecurity 核心规则的参数
Updating an arugement of a ModSecurity Core Rule
我有一个很大的表单,可能最多需要发送 1000 个 POST DATA
个参数。有时它会触发来自 OWASP Core 规则集规则 960335
的误报。我在 modsecurity_crs_23_request_limits.conf
中查看了该规则,但我无法弄清楚如何在该特定表单上将 max_num_args 设置得更高。
在modsecurity_crs_60_customrules.conf
中,我试过:
<LocationMatch "/form.php">
SecRuleUpdateTargetById 960335 ARGS:"@gt %1000"
</LocationMatch>
但是语法检查给了我这个错误
`Updating target by ID with no ruleset in this context`
谁能告诉我如何将 max_num_args 设置得更高?
规则如下 960335
:
SecRule &TX:MAX_NUM_ARGS "@eq 1" "chain,phase:2,t:none,block,
msg:'Too many arguments in request',id:'960335',
severity:'4',rev:'2',ver:'OWASP_CRS/2.2.9',maturity:'9',
accuracy:'9',tag:'OWASP_CRS/POLICY/SIZE_LIMIT'"
SecRule &ARGS "@gt %{tx.max_num_args}" "t:none,setvar:'tx.msg=%{rule.msg}',
setvar:tx.anomaly_score=+%{tx.notice_anomaly_score},
setvar:tx.%{rule.id}-OWASP_CRS/POLICY/SIZE_LIMIT-%{matched_var_name}=%{matched_var}"
这是在 modsecurity_crs_10_setup.conf 文件中设置的:
# -- Maximum number of arguments in request limited
SecAction \
"id:'900006', \
phase:1, \
t:none, \
setvar:tx.max_num_args=255, \
nolog, \
pass"
我有一个很大的表单,可能最多需要发送 1000 个 POST DATA
个参数。有时它会触发来自 OWASP Core 规则集规则 960335
的误报。我在 modsecurity_crs_23_request_limits.conf
中查看了该规则,但我无法弄清楚如何在该特定表单上将 max_num_args 设置得更高。
在modsecurity_crs_60_customrules.conf
中,我试过:
<LocationMatch "/form.php">
SecRuleUpdateTargetById 960335 ARGS:"@gt %1000"
</LocationMatch>
但是语法检查给了我这个错误
`Updating target by ID with no ruleset in this context`
谁能告诉我如何将 max_num_args 设置得更高?
规则如下 960335
:
SecRule &TX:MAX_NUM_ARGS "@eq 1" "chain,phase:2,t:none,block,
msg:'Too many arguments in request',id:'960335',
severity:'4',rev:'2',ver:'OWASP_CRS/2.2.9',maturity:'9',
accuracy:'9',tag:'OWASP_CRS/POLICY/SIZE_LIMIT'"
SecRule &ARGS "@gt %{tx.max_num_args}" "t:none,setvar:'tx.msg=%{rule.msg}',
setvar:tx.anomaly_score=+%{tx.notice_anomaly_score},
setvar:tx.%{rule.id}-OWASP_CRS/POLICY/SIZE_LIMIT-%{matched_var_name}=%{matched_var}"
这是在 modsecurity_crs_10_setup.conf 文件中设置的:
# -- Maximum number of arguments in request limited
SecAction \
"id:'900006', \
phase:1, \
t:none, \
setvar:tx.max_num_args=255, \
nolog, \
pass"