ModSecurity:MediaWiki Rules: Difference between revisions

VisualWikitext

@@ Line 4: / Line 4: @@
 *Pindah ke directory <code>/usr/local/modsecurity-crs/rules/</code>
   cd /usr/local/modsecurity-crs/rules/
 *Lalu buka <code>RESPONSE-959-BLOCKING-EVALUATION.conf</code>
-  nano RESPONSE-959-BLOCKING-EVALUATION.conf
+  vim RESPONSE-959-BLOCKING-EVALUATION.conf
 *Pada log error terdapat ID rules yang memblokir yaitu ID 959100
 *Ganti baris pada baris deny ke allow
   SecRule TX:OUTBOUND_ANOMALY_SCORE "@ge %{tx.outbound_anomaly_score_threshold}" \
       "id:959100,\
       phase:4,\
-      '''allow,\'''
+      allow,\
       t:none,\
       msg:'Outbound Anomaly Score Exceeded (Total Score: %{TX.OUTBOUND_ANOMALY_SCORE})',\
@@ Line 21: / Line 22: @@
       ver:'OWASP_CRS/3.4.0-dev',\
       setvar:'tx.anomaly_score=+%{tx.outbound_anomaly_score}'"
+*Setelah itu buka file selanjutnya di <code>REQUEST-949-BLOCKING-EVALUATION.conf</code>, dengan cara yang sama
+vim REQUEST-949-BLOCKING-EVALUATION.conf
+ SecRule TX:ANOMALY_SCORE "@ge %{tx.inbound_anomaly_score_threshold}" \
+     "id:949110,\
+     phase:2,\
+     allow,\
+     t:none,\
+     msg:'Inbound Anomaly Score Exceeded (Total Score: %{TX.ANOMALY_SCORE})',\
+     tag:'application-multi',\
+     tag:'language-multi',\
+     tag:'platform-multi',\
+     tag:'attack-generic',\
+     ver:'OWASP_CRS/3.4.0-dev',\
+     severity:'CRITICAL',\
+     setvar:'tx.inbound_anomaly_score=%{tx.anomaly_score}'"
+*Setelah dirubah cek kembali server nginx dan restart
+ sudo nginx -t
+ systemctl restart nginx
+[[Category:Security]]
+[[Category:Server]]
+[[Category:ModSecurity]]