SCENARIO: Plesk + Mod Security by Atomicorp, SQL injection rules attivate
PROBLEMA: i salvataggi da Strumenti -> Viste produce un server error 403 (Forbidden)
MOTIVO: nel log di apache si trova la spiegazione …
Codice: Seleziona tutto
[client 10.0.0.46] ModSecurity: Access denied with code 403 (phase 2).
Pattern match "(?:(?:truncate|truncate|rename)[[:space:]]+
[a-z| |0-9|\\\\*|\\\\.|\\\\,|\\\\(|\\\\)|_|\\\\-]+[[:space:]]
+(?:into|from|table|database|index|view)[[:space:]]+[a-z|0-9|\\\\*| |
\\\\{|\\\\.|\\\\,|\\\\(|\\\\)|_|\\\\-]|\\\\bunion\\\\b.{1,256}?
select.{1,256}[a-z0-9\\\\(\\\\)].{1,256}(?:from|#| ..." at ARGS:query[3]. [file "/etc/apache2/modsecurity.d/rules/tortix/modsec/10_asl_rules.conf"]
[line "300"] [id "340016"] [rev "46"] [msg "Atomicorp.com WAF Rules:
Attack Blocked - SQL injection attempt detected"] [data "select ragione_sociale from a"]
[severity "CRITICAL"] [tag "SQLi"] [hostname " … il nome host … "] [uri "/editor.php"] [unique_id "W5bQ5H8AAAEAAFTsGrwAAAAH"], referer:
https:// … il server host … /editor.php?id_module=37&id_record=15
Codice: Seleziona tutto
<LocationMatch /editor.php>
<IfModule mod_security2.c>
SecRuleEngine Off
</IfModule>
</LocationMatch>
E' un modo quick & dirty, ma funzia. Info riprese da: https://wiki.atomicorp.com/wiki/index.php/Mod_security
