Mod_security – Syntax error

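I have a password-protected directory on my web server. To protect against brute-force attacks, I am trying to add IP-based blocking configuration to the apache2 configuration file.

But every time I restart Apache2 I get a syntax error. Does anyone know how to fix this? Thanks

Apache version: 2.2
Mod Security CRS – 2.2.8-1

Error when restarting Apache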

    /etc/init.d/apache2 restart
     * Restarting web server apache2 [fail]
     * The apache2 configtest failed.
    Output of config test was:
    AH00526: Syntax error on line 252 of /etc/apache2/apache2.conf:
    ModSecurity: No action id present within the rule
    Action 'configtest' failed.
    The Apache error log may have more information.

Here is the content of the Apache configuration file:

    232 Alias /shared /var/shared
    233 <Directory /var/shared>
    234 Options Indexes MultiViews FollowSymLinks
    235 AllowOverride AuthConfig
    236 Order allow,deny
    237 Allow from all
    238 </Directory>
    239
    240 <IfModule security2_module>
    241 Include /usr/share/modsecurity-crs/*.conf
    242 Include /usr/share/modsecurity-crs/base_rules/*.conf
    243 </IfModule>
    244 <LocationMatch /shared>
    245 # Uncomment to troubleshoot
    246 SecDebugLogLevel 9
    247 SecDebugLog /tmp/troubleshooting.log
    248
    249 # Enforce an existing IP address block
    250 SecRule IP:bf_block "@eq 1" \
    251 "phase:2,deny,\
    252 msg:'IP address blocked because of suspected brute-forceattack'"
    253
    254 # Check that this is a POST
    255 SecRule REQUEST_METHOD "@streq POST" "phase:5,chain,t:none,nolog,pass"
    256 # AND Check for authentication failure and increment counters
    257 # NOTE this is for a Rails application, you probably need to customize this
    258 SecRule RESPONSE_STATUS "^200" \
    259 "setvar:IP.bf_counter=+1"
    260
    261 # Check for too many failures from a single IP address. Block for 10 minutes.
    262 SecRule IP:bf_counter "@ge 3" \
    263 "phase:5,pass,t:none, \
    264 setvar:IP.bf_block,\
    265 setvar:!IP.bf_counter,\
    266 expirevar:IP.bf_block=600"
    267 </LocationMatch>

There is nothing in the error log, only that it is shutting down when the restart command is issued.

I would say that a unique id for the action is mandatory.

Try:

    SecRule IP:bf_block "@eq 1" "phase:2,deny,id:'1234',msg:'IP address blocked because of suspected brute-forceattack'"

Use any number you want for the id, just make sure not to use the same one twice (or more).

You have to add the id action, because modsecurity requires an ID number, for example:

    SecRule REQUEST_FILENAME "form.php" "id:'400001',chain,deny,log,msg:'Spam detected'"
    SecRule REQUEST_METHOD "POST" chain
    SecRule REQUEST_BODY "@rx (?i:(pills|insurance|rolex))"
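A small lint pass for the "No action id present" error discussed on this page, as an added example that is not part of the question or either answer: it folds backslash continuations, then reports every SecRule/SecAction that starts a rule without an `id` action (rules that follow a `chain` starter are skipped, since they share the starter's id) and any id used more than once. The sample input is constructed from the question's rules, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample: the SecRule lines from the question's <LocationMatch> block.
SAMPLE = r'''
SecRule IP:bf_block "@eq 1" \
 "phase:2,deny,\
 msg:'IP address blocked because of suspected brute-forceattack'"
SecRule REQUEST_METHOD "@streq POST" "phase:5,chain,t:none,nolog,pass"
SecRule RESPONSE_STATUS "^200" \
 "setvar:IP.bf_counter=+1"
SecRule IP:bf_counter "@ge 3" \
 "phase:5,pass,t:none, \
 setvar:IP.bf_block,\
 setvar:!IP.bf_counter,\
 expirevar:IP.bf_block=600"
'''

# Heuristic matchers: an action name preceded by a quote, comma or whitespace.
ID_RE = re.compile(r"""(?:^|[\s,"])id:'?(\d+)'?""")
CHAIN_RE = re.compile(r"""(?:^|[\s,"])chain(?=[\s,"]|$)""")

def logical_lines(text):
    """Yield (first_line_no, text) with backslash continuations folded."""
    buf, start = "", None
    for no, raw in enumerate(text.splitlines(), 1):
        start = no if start is None else start
        line = raw.rstrip()
        if line.endswith("\\"):
            buf += line[:-1]
            continue
        yield start, buf + line
        buf, start = "", None

def lint(text):
    """Return (lines of rules lacking an id, ids used more than once)."""
    missing, ids, in_chain = [], Counter(), False
    for no, line in logical_lines(text):
        if not re.match(r"\s*Sec(Rule|Action)\b", line, re.I):
            continue
        chained_member = in_chain  # rules after a chain starter share its id
        in_chain = bool(CHAIN_RE.search(line))
        if chained_member:
            continue
        m = ID_RE.search(line)
        if m:
            ids[m.group(1)] += 1
        else:
            missing.append(no)
    return missing, sorted(i for i, n in ids.items() if n > 1)

if __name__ == "__main__":
    print(lint(SAMPLE))
```

Run against the question's rules, it flags all three rules that start without an id, not only the one the configtest stopped at.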