Mod-Security: allowing a request URI


I am trying to add an exemption for a Mod-security rule in the REQUEST-900-before file for the following request:
`1668035916.075452 [00] [client 127.0.0.1] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:["'`](?:;?\s*?(?:having|select|union)\b\s*?[^\s]|\s*?!\s*?["'`\w])|(?:c(?:onnection_id|urrent_user)|database)\s*?\([^\)]*?|u(?:nion(?:[\w(\s]*?select| select @)|ser\s*?\([^\)]*?)|s(?:chema\s*?\([^\)]*?|elect.*?\w?user\()|in ..." at ARGS:queryEditor. [file "/etc/modsecurity/owasp-modsecurity-crs/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "183"] [id "942190"] [msg "Detects MSSQL code execution and information gathering attempts"] [data "Matched Data: x22SELECT . found within ARGS:queryEditor: {x22titlex22:x22Untitled Query 1x22,x22dbIdx22:null,x22schemax22:null,x22autorunx22:false,x22sqlx22:x22SELECT ...x22,x22queryLimitx22:1000}"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/152/248/66"] [tag "PCI/6.5.2"] [hostname "a938b1191f37"] [uri "http://iq.haproxy.xyz/tabstateview/"] [unique_id "0A000806:E240_AC110002:01BB_636C354C_0033:0024"]`

Is there a way to tell Mod-security to allow this request?

I have tried this:

```
SecRule REQUEST_URI "^http://iq.haproxy.xyz/tabstateview/$" \
    "id:1000,\
    phase:2,\
    pass,\
    nolog,\
    ctl:ruleRemoveTargetById=942190;ARGS:queryEditor"
```

Not able to make it work.

REQUEST_URI does not contain the domain name, see: https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual-(需)# request_uri

If you want an exclusion rule that is bound to the domain name, I suggest using the following rule:

```
SecRule SERVER_NAME "@streq iq.haproxy.xyz" \
    "id:1000,\
    phase:1,\
    pass,\
    t:none,\
    nolog,\
    chain"
    SecRule REQUEST_FILENAME "@streq /tabstateview/" \
        "t:none,\
        ctl:ruleRemoveTargetById=942190;ARGS:queryEditor"
```
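
The following is an added example, not part of the original answer. It parses a denial line like the one in the question, shows that a pattern anchored on `^http://` cannot match the host-less value that REQUEST_URI holds, and renders the host- and path-scoped exclusion from the logged fields. The function names and the shortened sample line are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: a shortened form of the denial quoted in the question.
SAMPLE = ('ModSecurity: Access denied with code 403 (phase 2). Pattern match "..." '
          'at ARGS:queryEditor. [line "183"] [id "942190"] '
          '[msg "Detects MSSQL code execution and information gathering attempts"] '
          '[hostname "a938b1191f37"] [uri "http://iq.haproxy.xyz/tabstateview/"]')

def parse_denial(line):
    """Pull the rule id, the matched target and the logged uri out of a denial line."""
    fields = dict(re.findall(r'\[(\w+) "([^"]*)"\]', line))
    target = re.search(r'\bat ([A-Z_]+(?::\S+?)?)\. \[', line)
    if "id" not in fields or "uri" not in fields or target is None:
        raise ValueError("not a ModSecurity denial line")
    parts = urlsplit(fields["uri"])
    return {"rule_id": fields["id"],
            "target": target.group(1),
            "host": parts.hostname,   # None when the log holds only a path
            "path": parts.path}       # REQUEST_FILENAME carries no query string

def scheme_anchored_pattern_matches(denial):
    """Test the question's pattern against what REQUEST_URI holds (no domain)."""
    pattern = r"^http://iq.haproxy.xyz/tabstateview/$"
    return re.search(pattern, denial["path"]) is not None

def build_exclusion(denial, new_id):
    """Render a chained rule that drops one target from one rule on one host/path."""
    host, path = denial["host"], denial["path"]
    # Refuse values that could break out of the quoted operator argument.
    if not host or not re.fullmatch(r"[A-Za-z0-9.-]+", host):
        raise ValueError("no usable host in logged uri")
    if not re.fullmatch(r"/[A-Za-z0-9._~/-]*", path):
        raise ValueError("path needs manual review before use in a rule")
    return (f'SecRule SERVER_NAME "@streq {host}" \\\n'
            f'    "id:{new_id},phase:1,pass,t:none,nolog,chain"\n'
            f'    SecRule REQUEST_FILENAME "@streq {path}" \\\n'
            f'        "t:none,ctl:ruleRemoveTargetById='
            f'{denial["rule_id"]};{denial["target"]}"')

if __name__ == "__main__":
    d = parse_denial(SAMPLE)
    print("question's pattern matches REQUEST_URI:", scheme_anchored_pattern_matches(d))
    print(build_exclusion(d, 1000))
```

The `[hostname ...]` field in the log is the server's own hostname (here a container id), so the example takes the virtual host from the `[uri ...]` field instead.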
