我有一个Debian Jessie盒子,Apache 2.4和启用了基本规则的默认mod_security。 当我尝试在PHP代码中实现Google reCAPTCHA解决scheme时,modsecurity将阻止返回reCAPTCHAvariables的页面。 正如我所看到的,一个modsecurity SQL注入保护规则阻止我的网站与reCAPTCHA。 有没有一种简单的方法,使得基于SQL注入的规则让Google reCAPTCHA正常工作? 我可以以某种方式排除/白名单variables从modsecurity规则检查?
相关的Apache错误日志条目:
[Thu May 05 20:31:17.407153 2016] [:error] [pid 3604] [client 199.67.203.142] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(\\\\!\\\\=|\\\\&\\\\&|\\\\|\\\\||>>|<<|>=|<=|<>|<=>|xor|rlike |regexp|isnull)|(?:not\\\\s+between\\\\s+0\\\\s+and)|(?:is\\\\s+null)|(like\\\\s+null)|(?:(?:^|\\\\W)in[+\\\\s]*\\\\([\\\\s\\\\d\\"]+[^()]*\\\\))|(?:xor|<>|rlike(?:\\\\s+binary)?)|(?:regexp\\\\s+binary))" at ARG S:g-recaptcha-response. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "70"] [id "981319"] [rev "2"] [msg "SQL Injection Attack: SQL Operator Detected"] [ data "Matched Data: XOr found within ARGS:g-recaptcha-response: 03AHJ_VuuKzOoRV1ncHa31GhztRb7FuB6sFfWtJqRbgw71veDabEm-V1Xkm4Rfh2hsjodBH7Y_S1D0XomTniOoLr9hNKKXlcxAestey_bIW8pZUSHF9N5PGOGagrbdeliSOnCe3Ff-qRRsvrBAh 8lw19hGfOlYMwdYkONJNaiq5KQgELQQxqa9suxdKLscNLvmRBsrJaZc8NNxtZBYMgcuf7_MR0fJRdItiXFs-ttqxvnCUUCWH8bbnXdbfoFBaeuH2j-JHxpNnbTLz6NCVZHSMMFzJ_45GgYUajzeLBmn8u74qdOgIQDRRUSDc4ySnAxozESwb94_RY4o7FhpQu3ebytd2mGcmHPte-cn MH2VSmsOLCQOVXKvytwC2w8c3JRiFCYTdpMJ0TrDSwlw5b9P4uOhjENJJRRDxRhaUnRktOb0KBJdaevwjYzFJVXVmfuTv..."] [hostname "mzhostname.com"] [uri "/test/test2_load.php"] [unique_id "VyuRdcM4N88AAA4U-PgAAAAB"] 加载/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf文件后,将以下内容添加到Apacheconfiguration中:
SecRuleUpdateTargetById 981319 !ARGS:'g-recaptcha-response'
请注意,您可能需要从其他规则中类似地将此参数列入白名单。