Wiki

ModSecurity:MediaWiki Rules: Difference between revisions

← Older editNewer edit →
Kangtain (talk | contribs)
Bureaucrats, Interface administrators, Suppressors, Administrators
9,154 edits
VisualWikitext
No edit summary
No edit summary
Line 13: Line 13:
*Pada log error terdapat ID rules yang memblokir yaitu ID 959100
*Pada log error terdapat ID rules yang memblokir yaitu ID 959100
*Ganti baris pada baris deny ke allow
*Ganti baris pada baris deny ke allow
SecRule TX:OUTBOUND_ANOMALY_SCORE "@ge %{tx.outbound_anomaly_score_threshold}" \
<syntaxhighlight lang="nginx">
    "id:959100,\
SecRule TX:OUTBOUND_ANOMALY_SCORE "@ge %{tx.outbound_anomaly_score_threshold}" \
    phase:4,\
    "id:959100,\
    '''allow,\'''
    phase:4,\
    t:none,\
    allow,\
    msg:'Outbound Anomaly Score Exceeded (Total Score: %{TX.OUTBOUND_ANOMALY_SCORE})',\
    t:none,\
    tag:'anomaly-evaluation',\
    msg:'Outbound Anomaly Score Exceeded (Total Score: %{TX.OUTBOUND_ANOMALY_SCORE})',\
    ver:'OWASP_CRS/3.4.0-dev',\
    tag:'anomaly-evaluation',\
    setvar:'tx.anomaly_score=+%{tx.outbound_anomaly_score}'"
    ver:'OWASP_CRS/3.4.0-dev',\
 
    setvar:'tx.anomaly_score=+%{tx.outbound_anomaly_score}'"
</syntaxhighlight>
*Setelah itu buka file selanjutnya di <code>REQUEST-949-BLOCKING-EVALUATION.conf</code>, dengan cara yang sama
*Setelah itu buka file selanjutnya di <code>REQUEST-949-BLOCKING-EVALUATION.conf</code>, dengan cara yang sama
 
<syntaxhighlight lang="shell">
vim REQUEST-949-BLOCKING-EVALUATION.conf
vim REQUEST-949-BLOCKING-EVALUATION.conf
 
</syntaxhighlight><syntaxhighlight lang="nginx">
SecRule TX:ANOMALY_SCORE "@ge %{tx.inbound_anomaly_score_threshold}" \
SecRule TX:ANOMALY_SCORE "@ge %{tx.inbound_anomaly_score_threshold}" \
    "id:949110,\
    "id:949110,\
    phase:2,\
    phase:2,\
    '''allow,\'''
    allow,\
    t:none,\
    t:none,\
    msg:'Inbound Anomaly Score Exceeded (Total Score: %{TX.ANOMALY_SCORE})',\
    msg:'Inbound Anomaly Score Exceeded (Total Score: %{TX.ANOMALY_SCORE})',\
    tag:'application-multi',\
    tag:'application-multi',\
    tag:'language-multi',\
    tag:'language-multi',\
    tag:'platform-multi',\
    tag:'platform-multi',\
    tag:'attack-generic',\
    tag:'attack-generic',\
    ver:'OWASP_CRS/3.4.0-dev',\
    ver:'OWASP_CRS/3.4.0-dev',\
    severity:'CRITICAL',\
    severity:'CRITICAL',\
    setvar:'tx.inbound_anomaly_score=%{tx.anomaly_score}'"
    setvar:'tx.inbound_anomaly_score=%{tx.anomaly_score}'"
 
</syntaxhighlight>
*Setelah dirubah cek kembali server nginx dan restart
*Setelah dirubah cek kembali server nginx dan restart
sudo nginx -t
<syntaxhighlight lang="shell">
 
sudo nginx -t
systemctl restart nginx
</syntaxhighlight><syntaxhighlight lang="shell">
 
systemctl restart nginx
</syntaxhighlight>
[[Category:Security]]
[[Category:Security]]
[[Category:Server]]
[[Category:Server]]
[[Category:ModSecurity]]
[[Category:ModSecurity]]
Retrieved from "https://kangtain.com/wiki/index.php/ModSecurity:MediaWiki_Rules"