mod_security ignores excludes


Post by toberkel » 2008-04-24 19:59

Hello,

unfortunately I have a small problem with mod_security. I am using the rules from gotroot.com. That works well so far, but I now have a small problem. I added the following rule to excludes.conf:

<LocationMatch "/front_content.php?action=10">
  SecFilterRemove 300016
  SecFilterRemove 300018
</LocationMatch>

Unfortunately that does not seem to work _properly_. After I activated this rule, my problem was gone at first, but not on all pages. On some pages the rule does not take effect, although the URL is front_content.php?action=10. Here is a log excerpt from mod_security:

==30a7ea32==============================
Request: www.domain.de 85.176.88.142 - - [24/Apr/2008:19:45:08 +0200] "POST /front_content.php?action=10&idcat=43&idart=50&idartlang=50&type=CMS_HTMLHEAD&typenr=1&contenido=9f1f6ff627ed018ee44e42525390df55 HTTP/1.1" 403 227 "http://www.domain.de/front_content.php?changeview=edit&action=con_editart&idartlang=50&type=&typenr=&idart=50&idcat=43&idcatart=&lang=1&contenido=9f1f6ff627ed018ee44e42525390df55" "Mozilla/5.0 (Macintosh; U; Intel Mac OS X; de; rv:1.8.1.14) Gecko/20080404 Firefox/2.0.0.14" - "-"
Handler: x-httpd-php
----------------------------------------
POST /front_content.php?action=10&idcat=43&idart=50&idartlang=50&type=CMS_HTMLHEAD&typenr=1&contenido=9f1f6ff627ed018ee44e42525390df55 HTTP/1.1
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Accept-Encoding: gzip,deflate
Accept-Language: de-de,de;q=0.8,en-us;q=0.5,en;q=0.3
Connection: keep-alive
Content-Length: 13931
Content-Type: application/x-www-form-urlencoded
Cookie: style=norm_small
Host: www.domain.de
Keep-Alive: 300
Referer: http://www.domain.de/front_content.php?changeview=edit&action=con_editart&idartlang=50&type=&typenr=&idart=50&idcat=43&idcatart=&lang=1&contenido=9f1f6ff627ed018ee44e42525390df55
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X; de; rv:1.8.1.14) Gecko/20080404 Firefox/2.0.0.14
mod_security-action: 403
mod_security-message: Access denied with code 403. Pattern match "!/imp/login\.php" at HEADER("Referer") [id "300018"][rev "3"] [msg "Generic PHP code injection protection via ARGS"] [severity "CRITICAL"]

HTTP/1.1 403 Forbidden
Keep-Alive: timeout=15, max=95
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=iso-8859-1
--30a7ea32--



Am I perhaps overlooking something? The rule that makes mod_security block the request is 300018, the one I allowed in excludes.conf, isn't it?

Regards,

toberkel


Post by Joe User » 2008-04-24 20:15

http://httpd.apache.org/docs/2.2/mod/core.html#location
Nowhere in the docs is the QUERY_STRING allowed in Location[Match]...
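Added example, not part of the original thread or of any poster's configuration: a small Python model of the point in the reply above, that Apache compares `<LocationMatch>` patterns with the URL path only and never sees the query string. Python's `re` stands in for Apache's regex engine, the request target is shortened from the audit log in the first post, and `PATH_ONLY_PATTERN` is a hypothetical pattern used for comparison.

```python
import re
from urllib.parse import urlsplit

# Request target from the audit log in the first post (query shortened).
REQUEST_TARGET = "/front_content.php?action=10&idcat=43&idart=50"

# Pattern exactly as written in the excludes.conf from the first post.
POSTED_PATTERN = r"/front_content.php?action=10"

# Hypothetical path-only pattern (assumption, not from the thread):
# dot escaped, anchored at both ends, no query string.
PATH_ONLY_PATTERN = r"^/front_content\.php$"


def location_match(pattern: str, request_target: str) -> bool:
    """Model <LocationMatch>: regex search against the URL path only.

    Apache drops the query string before comparing a request with
    <Location>/<LocationMatch> sections, so only the path is tested.
    """
    path = urlsplit(request_target).path
    return re.search(pattern, path) is not None


def explain(pattern: str, request_target: str) -> dict:
    """Show what Apache compares and what the pattern would do otherwise."""
    parts = urlsplit(request_target)
    return {
        "path_seen_by_apache": parts.path,
        "query_not_compared": parts.query,
        "section_applies": location_match(pattern, request_target),
        # Even on the full target the posted pattern fails: the unescaped
        # "?" makes the preceding "p" optional instead of matching "?".
        "matches_full_target": re.search(pattern, request_target) is not None,
    }


if __name__ == "__main__":
    for label, pattern in (("posted", POSTED_PATTERN),
                           ("path-only", PATH_ONLY_PATTERN)):
        print(label, explain(pattern, REQUEST_TARGET))
    # The posted regex only matches paths such as this constructed one:
    print(location_match(POSTED_PATTERN, "/front_content.phpaction=10"))
```

A path-only section applies to every request for front_content.php, whatever the value of `action`, so any rule removed inside it is removed for the whole script.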


Post by toberkel » 2008-04-24 20:18

Hi,

this LocationMatch comes from mod_security... Unfortunately I can't quite follow what you mean :(

Regards,

toberkel


Post by toberkel » 2008-04-25 17:38

Hi.

I have found a possible solution. But I am not sure and would like to ask for advice.

If I add the following rule to mod_security:

SecFilterSelective REMOTE_USER "!admin" "allow"


would mean that users who are NOT authenticated as admin are allowed everything, right? And

SecFilterSelective REMOTE_USER "admin" "allow"

should mean that the user admin authenticated via htaccess is allowed everything, right?

Unfortunately that does not work as desired... :( I log in as admin via htaccess, and I still get Forbidden pages because mod_security has struck again.

Does anyone have an idea?

Regards,

toberkel


Post by cirox » 2008-05-05 08:34

#SecFilterSelective REQUEST_URI "!(/tiki-objectpermissions|aardvarkts/install/index|/do_command|banner_click|wp-login|tiki-view_cache|/horde/index|/e107_plugins/log/log|/horde/services/go|/goto|gallery2?/main|ad-?server/adjs)" "chain,id:300018,rev:3,severity:2,msg:'Generic PHP code injection protection via ARGS'"


Try:

#SecFilterSelective REQUEST_URI "!(/front_content.php|tiki-objectpermissions|aardvarkts/install/index|/do_command|banner_click|wp-login|tiki-view_cache|/horde/index|/e107_plugins/log/log|/horde/services/go|/goto|gallery2?/main|ad-?server/adjs)" "chain,id:300018,rev:3,severity:2,msg:'Generic PHP code injection protection via ARGS'"


or just front_content.