
When I try to save a file containing text that resembles an SQL query, I get a 500 Internal Server Error, so ModSecurity is blocking it.

[client xxx.xxx.xxx.xxx] ModSecurity: Access denied with code 500 (phase 2). Pattern match "(insert[[:space:]]+into.+values|select.*from.+[a-z|A-Z|0-9]|select.+from|bulk[[:space:]]+insert|union.+select|convert.+\\\\(.*from)" at ARGS:description. [file "/usr/local/apache/conf/modsec2.user.conf"] [line "359"] [id "300016"] [rev "2"] [msg "Generic SQL injection protection"] [severity "CRITICAL"] [hostname "xxxxxxxxxxxxx.net"] [uri "/app/3/admin/modules/product/product_a.php"] [unique_id "TzvCxkPj2kkAAH4WkMwAAAAE"]

So I created a .htaccess file in the folder /app/3/admin/modules/product/:

<IfModule mod_security.c>
SecFilterRemove 300015
SecFilterRemove 300016
</IfModule>

But this still does not solve the problem. I keep seeing the 500 code, together with the log entry, in the Apache log file.

Why doesn't this work?


1 Answer


Is it really the saving of the file that is the problem? I find it hard to imagine, seeing as that isn't Apache's jurisdiction at all. Isn't it rather the query being in a query string that is causing trouble?

You might be able to circumvent that e.g. by base64 encoding the query (if the 33% size increase doesn't test the URL's size limits), or storing the query in a session variable and passing only a unique random key pointing to the variable.

Edit: if you're really transmitting live SQL queries that you later execute - don't do it. It's exactly the reason why this mod_security filter exists.

Either way, phpMyAdmin, a database management tool, has the same problem: it transmits live queries for running. There are a number of posts dealing with phpMyAdmin and mod_security. This one suggests a number of other filter IDs to disable. (Ideally, you would do this only for the one file that needs to receive the POST data.)

Answered 2012-02-15T14:48:03.383
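As an added example (not part of the question or the answer), here is what the "only for the one file" exclusion looks like in ModSecurity 2.x syntax: the log's `modsec2.user.conf` indicates a 2.x install, and `SecFilterRemove` is a 1.x directive that 2.x ignores, which is consistent with the .htaccess having no effect. It assumes ModSecurity 2.6 or later, that rule id 1000 is unused, and that the exclusion goes into the server or vhost configuration rather than .htaccess (2.x only honours .htaccess directives when built with that support).

```apache
<IfModule mod_security2.c>
    # Narrow exclusion: keep rule 300016 active everywhere, but stop it from
    # inspecting ARGS:description (the field named in the log) for this one
    # script. Rule id 1000 is an assumed free id.
    SecRule REQUEST_URI "@beginsWith /app/3/admin/modules/product/product_a.php" \
        "id:1000,phase:1,t:none,nolog,pass,ctl:ruleRemoveTargetById=300016;ARGS:description"

    # Broader alternative, matching the question's per-folder intent: disable
    # the two rules for that directory only (the 2.x equivalent of the
    # SecFilterRemove lines in the question). Prefer the narrow form above.
    <Location /app/3/admin/modules/product/>
        SecRuleRemoveById 300015 300016
    </Location>
</IfModule>
```

After changing the configuration, run `apachectl configtest` and reload Apache; a stray `SecFilterRemove` line is a good sign the running module and the directive syntax do not match.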