ModSecurity:MediaWiki Rules: Difference between revisions



*Next, open <code>RESPONSE-959-BLOCKING-EVALUATION.conf</code>
<syntaxhighlight lang="shell">
vim RESPONSE-959-BLOCKING-EVALUATION.conf
</syntaxhighlight>
 
*The error log shows the ID of the rule that is blocking, which is ID 959100
*Change the deny line to allow
<syntaxhighlight lang="nginx">
SecRule TX:OUTBOUND_ANOMALY_SCORE "@ge %{tx.outbound_anomaly_score_threshold}" \
    "id:959100,\
    phase:4,\
    allow,\
    t:none,\
    msg:'Outbound Anomaly Score Exceeded (Total Score: %{TX.OUTBOUND_ANOMALY_SCORE})',\
    tag:'anomaly-evaluation',\
    ver:'OWASP_CRS/3.4.0-dev',\
    setvar:'tx.anomaly_score=+%{tx.outbound_anomaly_score}'"
</syntaxhighlight>
*After that, open the next file, <code>REQUEST-949-BLOCKING-EVALUATION.conf</code>, in the same way
<syntaxhighlight lang="shell">
vim REQUEST-949-BLOCKING-EVALUATION.conf
</syntaxhighlight>
<syntaxhighlight lang="nginx">
SecRule TX:ANOMALY_SCORE "@ge %{tx.inbound_anomaly_score_threshold}" \
    "id:949110,\
    phase:2,\
    allow,\
    t:none,\
    msg:'Inbound Anomaly Score Exceeded (Total Score: %{TX.ANOMALY_SCORE})',\
    tag:'application-multi',\
    tag:'language-multi',\
    tag:'platform-multi',\
    tag:'attack-generic',\
    ver:'OWASP_CRS/3.4.0-dev',\
    severity:'CRITICAL',\
    setvar:'tx.inbound_anomaly_score=%{tx.anomaly_score}'"
</syntaxhighlight>
 
*After making the changes, check the nginx server again and restart it
<syntaxhighlight lang="shell">
sudo nginx -t
</syntaxhighlight>
<syntaxhighlight lang="shell">
systemctl restart nginx
</syntaxhighlight>
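
Rules 949110 and 959100 only compare the accumulated anomaly score with the threshold, so switching them to allow stops CRS blocking for every request, and the rule worth tuning is the detection rule that raised the score. The following is an added example, not part of the original page, that groups log lines by transaction to find those detection rules. It assumes the rule matches are available as lines carrying ModSecurity's bracketed <code>[id "..."]</code>, <code>[msg "..."]</code> and <code>[unique_id "..."]</code> fields; the sample lines and the function names are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# The two CRS blocking-evaluation rules named on this page. They only compare the
# accumulated anomaly score with the threshold; they do not detect anything themselves.
EVALUATION_IDS = {"949110", "959100"}

FIELD_RE = re.compile(r'\[(id|msg|unique_id) "([^"]*)"\]')

# Constructed sample lines (not real traffic) using ModSecurity's bracketed fields.
SAMPLE_LOG = [
    'ModSecurity: Warning. [id "941100"] [msg "XSS Attack Detected via libinjection"] [unique_id "tx-A"]',
    'ModSecurity: Access denied with code 403 (phase 2). [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [unique_id "tx-A"]',
    'ModSecurity: Warning. [id "953100"] [msg "PHP Information Leakage"] [unique_id "tx-B"]',
    'ModSecurity: Access denied with code 403 (phase 4). [id "959100"] [msg "Outbound Anomaly Score Exceeded (Total Score: 4)"] [unique_id "tx-B"]',
    'ModSecurity: Warning. [id "920350"] [msg "Host header is a numeric IP address"] [unique_id "tx-C"]',
    'ModSecurity: Warning. [id "941100"] [msg "XSS Attack Detected via libinjection"] [unique_id "tx-D"]',
    'ModSecurity: Access denied with code 403 (phase 2). [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [unique_id "tx-D"]',
]


def contributing_rules(lines):
    """Map each blocked transaction to the detection rules that raised its score."""
    hits = defaultdict(list)   # unique_id -> [(rule id, msg), ...]
    blocked = set()            # unique_ids where an evaluation rule fired
    for line in lines:
        fields = dict(FIELD_RE.findall(line))
        if not {"id", "unique_id"} <= fields.keys():
            continue           # not a rule-match line
        if fields["id"] in EVALUATION_IDS:
            blocked.add(fields["unique_id"])
        else:
            hits[fields["unique_id"]].append((fields["id"], fields.get("msg", "")))
    return {uid: hits[uid] for uid in sorted(blocked)}


def tuning_candidates(lines):
    """Count how often each detection rule contributed to a block, most frequent first."""
    counts = Counter(rid for rules in contributing_rules(lines).values() for rid, _ in rules)
    return counts.most_common()


if __name__ == "__main__":
    for rule_id, n in tuning_candidates(SAMPLE_LOG):
        print(f"rule {rule_id} contributed to {n} blocked transaction(s)")
```

Transaction tx-C in the sample scored below the threshold and was never blocked, so its rule is left out of the result.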
 
[[Category:Security]]
[[Category:Server]]
[[Category:ModSecurity]]