Wiki

ModSecurity:MediaWiki Rules: Difference between revisions

← Older edit
Kangtain (talk | contribs)
Bureaucrats, Interface administrators, Suppressors, Administrators
9,154 edits
VisualWikitext
No edit summary
No edit summary
 
(8 intermediate revisions by the same user not shown)
Line 4: Line 4:


*Pindah ke directory <code>/usr/local/modsecurity-crs/rules/</code>
*Pindah ke directory <code>/usr/local/modsecurity-crs/rules/</code>
  cd /usr/local/modsecurity-crs/rules/
  cd /usr/local/modsecurity-crs/rules/


*Lalu buka <code>RESPONSE-959-BLOCKING-EVALUATION.conf</code>
*Lalu buka <code>RESPONSE-959-BLOCKING-EVALUATION.conf</code>
  nano RESPONSE-959-BLOCKING-EVALUATION.conf
 
  vim RESPONSE-959-BLOCKING-EVALUATION.conf


*Pada log error terdapat ID rules yang memblokir yaitu ID 959100
*Pada log error terdapat ID rules yang memblokir yaitu ID 959100
*Ganti baris pada baris deny ke allow
*Ganti baris pada baris deny ke allow
  SecRule TX:OUTBOUND_ANOMALY_SCORE "@ge %{tx.outbound_anomaly_score_threshold}" \
  SecRule TX:OUTBOUND_ANOMALY_SCORE "@ge %{tx.outbound_anomaly_score_threshold}" \
     "id:959100,\
     "id:959100,\
     phase:4,\
     phase:4,\
     '''allow,\'''
     allow,\
     t:none,\
     t:none,\
     msg:'Outbound Anomaly Score Exceeded (Total Score: %{TX.OUTBOUND_ANOMALY_SCORE})',\
     msg:'Outbound Anomaly Score Exceeded (Total Score: %{TX.OUTBOUND_ANOMALY_SCORE})',\
Line 23: Line 24:


*Setelah itu buka file selanjutnya di <code>REQUEST-949-BLOCKING-EVALUATION.conf</code>, dengan cara yang sama
*Setelah itu buka file selanjutnya di <code>REQUEST-949-BLOCKING-EVALUATION.conf</code>, dengan cara yang sama
vim REQUEST-949-BLOCKING-EVALUATION.conf


  SecRule TX:ANOMALY_SCORE "@ge %{tx.inbound_anomaly_score_threshold}" \
  SecRule TX:ANOMALY_SCORE "@ge %{tx.inbound_anomaly_score_threshold}" \
     "id:949110,\
     "id:949110,\
     phase:2,\
     phase:2,\
     '''allow,\'''
     allow,\
     t:none,\
     t:none,\
     msg:'Inbound Anomaly Score Exceeded (Total Score: %{TX.ANOMALY_SCORE})',\
     msg:'Inbound Anomaly Score Exceeded (Total Score: %{TX.ANOMALY_SCORE})',\
Line 39: Line 42:


*Setelah dirubah cek kembali server nginx dan restart
*Setelah dirubah cek kembali server nginx dan restart
  sudo nginx -t
  sudo nginx -t


  systemctl restart nginx
  systemctl restart nginx
[[Category:Security]]
[[Category:Server]]
[[Category:ModSecurity]]
Retrieved from "https://kangtain.com/wiki/index.php/ModSecurity:MediaWiki_Rules"