I have a website with modsecurity enabled, but when I try to access a PDF document on the server through the website I get a 403 Forbidden. Is there a way to whitelist PDF files so they are allowed to be served through the website, or possibly a configuration option for this?
--9a349c55-A--
[14/Aug/2013:10:05:57 --0400] UguOxX8AAQEAAD22d8AAAACN 192.168.1.108 52929 192.168.1.125 80
--9a349c55-B--
GET /pdf/sample.pdf HTTP/1.1
Host: www.example.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.95 Safari/537.36
Accept: */*
Referer: http://www.example.com/pdf/sample.pdf
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Cookie: __utma=143856170.1892623529.1376158518.1376158518.1376158518.1; __utmz=143856170.1376158518.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=1.834637782.1376487927.1376487927.1376487927.1; __utmb=1.4.10.1376487927; __utmc=1; __utmz=1.1376487927.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)
Range: bytes=0-32767

--9a349c55-F--
HTTP/1.1 403 Forbidden
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 247
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

--9a349c55-E--
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>
<p>You don't have permission to access /pdf/sample.pdf on this server.</p>
</body></html>

--9a349c55-H--
Message: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/etc/apache2/modsecurity-crs/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "248"] [id "958291"] [rev "2.2.5"] [msg "Range: field exists and begins with 0."] [data "bytes=0-32767"] [severity "NOTICE"] [tag "RULE_MATURITY/5"] [tag "RULE_ACCURACY/7"] [tag "https://www.owasp.org/index.php/ModSecurity_CRS_RuleID-958291"] [tag "PROTOCOL_VIOLATION/INVALID_HREQ"] [tag "http://www.bad-behavior.ioerror.us/documentation/how-it-works/"]
Action: Intercepted (phase 2)
Apache-Handler: proxy-server
Stopwatch: 1376489157340781 711 (- - -)
Stopwatch2: 1376489157340781 711; combined=247, p1=176, p2=30, p3=0, p4=0, p5=40, sr=31, sw=1, l=0, gc=0
Response-Body-Transformed: Dechunked
Producer: ModSecurity for Apache/2.6.3 (http://www.modsecurity.org/); OWASP_CRS/2.2.5; OWASP_CRS/2.2.5.
Server: Apache
--9a349c55-Z--
Build a rule on REQUEST_URI with a regular expression, and put it in the appropriate place in your configuration file(s):
# local id outside the CRS ranges; put it before the CRS includes so it runs first
SecRule REQUEST_URI "@rx \.pdf$" "id:10001,phase:1,t:none,nolog,allow"
Explaining the safe way to do this here is not easy; it depends on your architecture and on how your modsecurity is configured right now.
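The audit log in the question already names the cause: CRS rule 958291 in the phase-2 protocol-violation rules intercepts any request whose Range header starts with `bytes=0-`, which is exactly what the browser sends when it fetches the first chunk of a PDF. A bare `allow` in phase 1, as in the answer above, stops all further rule processing for the transaction (every remaining phase except logging), so anything under a `.pdf` path is then never inspected at all. A narrower exception keeps the rest of the CRS active and switches off only the rule that fired, only for the path that needs it. The following is an added example, not code from this thread or from the ModSecurity project: it parses the serial-format audit entry (section B for the request line, section H for the rule that fired), constructed here from the entry in the question with most headers trimmed, and emits such an exception. The local rule id 10001, the use of REQUEST_FILENAME instead of REQUEST_URI (it excludes the query string), and the "same directory, same extension" scoping are this example's own choices.

```python
"""Turn a ModSecurity 2.x audit-log entry into a targeted CRS exception.

Added example for this thread, not code from it. Parses section B (request
line) and section H (rule that fired) of a serial audit-log entry and emits
a phase-1 rule that disables only the blocking CRS rule for that directory,
instead of an `allow` that skips every rule for PDFs.
"""
import re

# Constructed from the audit log in the question, with most headers trimmed.
AUDIT_ENTRY = """--9a349c55-A--
[14/Aug/2013:10:05:57 --0400] UguOxX8AAQEAAD22d8AAAACN 192.168.1.108 52929 192.168.1.125 80
--9a349c55-B--
GET /pdf/sample.pdf HTTP/1.1
Host: www.example.com
Range: bytes=0-32767

--9a349c55-F--
HTTP/1.1 403 Forbidden
Content-Type: text/html; charset=iso-8859-1

--9a349c55-H--
Message: Access denied with code 403 (phase 2). String match "bytes=0-" at REQUEST_HEADERS:Range. [file "/etc/apache2/modsecurity-crs/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "248"] [id "958291"] [rev "2.2.5"] [msg "Range: field exists and begins with 0."] [data "bytes=0-32767"] [severity "NOTICE"] [tag "RULE_MATURITY/5"] [tag "PROTOCOL_VIOLATION/INVALID_HREQ"]
Action: Intercepted (phase 2)
Producer: ModSecurity for Apache/2.6.3 (http://www.modsecurity.org/); OWASP_CRS/2.2.5; OWASP_CRS/2.2.5.
--9a349c55-Z--
"""

SECTION_RE = re.compile(r"^--([0-9a-f]+)-([A-Z])--$", re.M)   # "--<txid>-<letter>--" boundaries
TAG_RE = re.compile(r'\[(\w+) "((?:[^"\\]|\\.)*)"\]')           # [key "value"] pairs on a Message line
VAR_RE = re.compile(r" at ([A-Z_]+(?::\S+?)?)\.?$")             # '... at REQUEST_HEADERS:Range.'


def parse_audit_entry(text):
    """Split a serial-format entry into {section letter: body}."""
    parts = SECTION_RE.split(text)   # [pre, txid, letter, body, txid, letter, body, ...]
    return {parts[i + 1]: parts[i + 2].strip("\n") for i in range(1, len(parts), 3)}


def request_path(sections):
    """Method and path (query string dropped) from the request line in section B."""
    method, target, _ = sections["B"].splitlines()[0].split(" ", 2)
    return method, target.split("?", 1)[0]


def fired_rules(sections):
    """One dict per 'Message:' line in section H: rule metadata, matched variable, verdict."""
    rules = []
    for line in sections.get("H", "").splitlines():
        if not line.startswith("Message: "):
            continue
        head = line.split(" [", 1)[0]          # free text before the first [key "value"] tag
        pairs = TAG_RE.findall(line)
        rule = {k: v for k, v in pairs if k != "tag"}
        rule["tags"] = [v for k, v in pairs if k == "tag"]
        m = VAR_RE.search(head)
        rule["variable"] = m.group(1) if m else None
        rule["denied"] = head.startswith("Message: Access denied")
        rules.append(rule)
    return rules


def _esc(s):
    """Escape regex metacharacters only (re.escape also escapes '/' on older Pythons)."""
    return re.sub(r"([\\.^$*+?{}\[\]|()])", r"\\\1", s)


def scope_regex(path):
    """Anchored regex for 'same directory, same extension' as the blocked path."""
    directory, _, filename = path.rpartition("/")
    if "." not in filename:
        return "^" + _esc(path) + "$"
    ext = filename.rsplit(".", 1)[1]
    return "^" + _esc(directory) + r"/[^/]+\." + _esc(ext) + "$"


def build_exception(entry, local_id=10001):
    """Rule text that disables the blocking CRS rule(s) for the request's directory.

    Phase 1 runs before the CRS phase-2 rule, so the ctl action takes effect
    regardless of where in the configuration the rule is placed.
    """
    sections = parse_audit_entry(entry)
    _, path = request_path(sections)
    denied = [r for r in fired_rules(sections) if r["denied"] and "id" in r]
    if not denied:
        return None
    removals = ",".join(f"ctl:ruleRemoveById={r['id']}" for r in denied)
    return (f'SecRule REQUEST_FILENAME "@rx {scope_regex(path)}" '
            f'"id:{local_id},phase:1,t:none,nolog,pass,{removals}"')


if __name__ == "__main__":
    for r in fired_rules(parse_audit_entry(AUDIT_ENTRY)):
        print(f"rule {r['id']} ({r['msg']}) matched {r['variable']}: {r['data']}")
    print(build_exception(AUDIT_ENTRY))
```

Run against the entry above it prints the exception `SecRule REQUEST_FILENAME "@rx ^/pdf/[^/]+\.pdf$" "id:10001,phase:1,t:none,nolog,pass,ctl:ruleRemoveById=958291"`; the same parser works for any other CRS false positive in the audit log, but read the rule's message and tags before disabling it, since a rule that fires on legitimate traffic for one path may still be worth keeping everywhere else.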