Modsecurity 阻止阻止我的合法 XHR POST 請求(403 禁止)

tag-icon tag-icon nginx mod-security
Modsecurity 阻止阻止我的合法 XHR POST 請求(403 禁止)

我是 modsecurity 主題的新手,所以也許答案很微不足道,但...

我在新的 nginx/1.24.0 伺服器上設定了 modsecurity,並使用預設的建議規則集:coreruleset-3.3.0,從那時起我的 POST XHR 請求就被阻止了。這是一個基本的 Laravel/Livewire 表單。

modsecurity 傳送和記錄的標頭如下所示:

POST /livewire/update HTTP/2.0
content-type: application/json
origin: https://example.com
referer: https://example.com/en
pragma: no-cache
accept-encoding: gzip, deflate, br
cookie: XSRF-TOKEN=eyJpdiI6IkJVTXpEK01rYTRYVFI1aGxjOE9T...
content-length: 540
accept-language: it-IT,it;q=0.8,en-US;q=0.5,en;q=0.3
te: trailers
accept: */*
cache-control: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
sec-fetch-site: same-origin
sec-fetch-dest: empty
authorization: Basic Y2Z0cmFbjpjmdG9u
host: example.com
sec-fetch-mode: no-cors

和日誌報告:

  1. “Content-Length HTTP header 不是數字” - 但對我來說“540”看起來是數字!
ModSecurity: Warning. Matched "Operator `Rx' with parameter `^\d+$' against variable `REQUEST_HEADERS:content-length' (Value: `540' ) 
[file "/etc/nginx/modsec/coreruleset-3.3.0/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] 
[line "127"] 
[id "920160"] 
[msg "Content-Length HTTP header is not numeric"] 
[data "540"] 
[severity "2"]
  1. 「非法內容類型標頭」 - 為什麼「application/json」是非法的?
ModSecurity: Warning. Matched "Operator `Rx' with parameter `^[\w/.+-]+(?... against variable `REQUEST_HEADERS:content-type' (Value: `application/json' ) 
[file "/etc/nginx/modsec/coreruleset-3.3.0/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] 
[line "915"] 
[id "920470"] 
[rev ""] 
[msg "Illegal Content-Type header"] 
[data "application/json"] 
[severity "2"]
  1. 「無效的 HTTP 請求行」- 什麼是無效的:「POST /livewire/update HTTP/2.0」?
ModSecurity: Warning. Matched "Operator `Rx' with parameter `^(?i:(?:[a-... against variable `REQUEST_LINE' (Value: `POST /livewire/update HTTP/2.0' ) 
[file "/etc/nginx/modsec/coreruleset-3.3.0/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] 
[line "47"] 
[id "920100"] 
[msg "Invalid HTTP Request Line"] 
[data "POST /livewire/update HTTP/2.0"]

..然後請求被阻止

ModSecurity: Access denied with code 403 (phase 2). Matched "Operator `Ge' with parameter `5' against variable `TX:ANOMALY_SCORE' (Value: `13' ) 
[file "/etc/nginx/modsec/coreruleset-3.3.0/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] 
[line "80"] 
[id "949110"] 
[msg "Inbound Anomaly Score Exceeded (Total Score: 13)"] 
[data ""] 
[severity "2"]

所以我非常驚訝,我不知道我能做些什麼,因為這些規則似乎是合法的,但我也不想違反其中任何一個。

相關內容