ModSecurity:MediaWiki Rules: Difference between revisions
No edit summary |
No edit summary |
||
| Line 8: | Line 8: | ||
*Lalu buka <code>RESPONSE-959-BLOCKING-EVALUATION.conf</code> | *Lalu buka <code>RESPONSE-959-BLOCKING-EVALUATION.conf</code> | ||
vim RESPONSE-959-BLOCKING-EVALUATION.conf | vim RESPONSE-959-BLOCKING-EVALUATION.conf | ||
*Pada log error terdapat ID rules yang memblokir yaitu ID 959100 | *Pada log error terdapat ID rules yang memblokir yaitu ID 959100 | ||
*Ganti baris pada baris deny ke allow | *Ganti baris pada baris deny ke allow | ||
SecRule TX:OUTBOUND_ANOMALY_SCORE "@ge %{tx.outbound_anomaly_score_threshold}" \ | |||
SecRule TX:OUTBOUND_ANOMALY_SCORE "@ge %{tx.outbound_anomaly_score_threshold}" \ | "id:959100,\ | ||
phase:4,\ | |||
allow,\ | |||
t:none,\ | |||
msg:'Outbound Anomaly Score Exceeded (Total Score: %{TX.OUTBOUND_ANOMALY_SCORE})',\ | |||
tag:'anomaly-evaluation',\ | |||
ver:'OWASP_CRS/3.4.0-dev',\ | |||
setvar:'tx.anomaly_score=+%{tx.outbound_anomaly_score}'" | |||
*Setelah itu buka file selanjutnya di <code>REQUEST-949-BLOCKING-EVALUATION.conf</code>, dengan cara yang sama | *Setelah itu buka file selanjutnya di <code>REQUEST-949-BLOCKING-EVALUATION.conf</code>, dengan cara yang sama | ||
vim REQUEST-949-BLOCKING-EVALUATION.conf | vim REQUEST-949-BLOCKING-EVALUATION.conf | ||
SecRule TX:ANOMALY_SCORE "@ge %{tx.inbound_anomaly_score_threshold}" \ | SecRule TX:ANOMALY_SCORE "@ge %{tx.inbound_anomaly_score_threshold}" \ | ||
"id:949110,\ | |||
phase:2,\ | |||
allow,\ | |||
t:none,\ | |||
msg:'Inbound Anomaly Score Exceeded (Total Score: %{TX.ANOMALY_SCORE})',\ | |||
tag:'application-multi',\ | |||
tag:'language-multi',\ | |||
tag:'platform-multi',\ | |||
tag:'attack-generic',\ | |||
ver:'OWASP_CRS/3.4.0-dev',\ | |||
severity:'CRITICAL',\ | |||
setvar:'tx.inbound_anomaly_score=%{tx.anomaly_score}'" | |||
*Setelah dirubah cek kembali server nginx dan restart | *Setelah dirubah cek kembali server nginx dan restart | ||
sudo nginx -t | sudo nginx -t | ||
systemctl restart nginx | systemctl restart nginx | ||
[[Category:Security]] | [[Category:Security]] | ||
[[Category:Server]] | [[Category:Server]] | ||
[[Category:ModSecurity]] | [[Category:ModSecurity]] | ||
Latest revision as of 20:38, 1 November 2025
Beberapa waktu lalu ketika mengedit pada halaman yang terdapat tanda baca : saat save akan dialihkan ke halamn error 403.
Untuk mengatasi hal tersebut saya menggunakan cara yang sebenarnya kurang efektif tapi cara ini cukup rumit
- Pindah ke directory
/usr/local/modsecurity-crs/rules/
cd /usr/local/modsecurity-crs/rules/
- Lalu buka
RESPONSE-959-BLOCKING-EVALUATION.conf
vim RESPONSE-959-BLOCKING-EVALUATION.conf
- Pada log error terdapat ID rules yang memblokir yaitu ID 959100
- Ganti baris pada baris deny ke allow
SecRule TX:OUTBOUND_ANOMALY_SCORE "@ge %{tx.outbound_anomaly_score_threshold}" \
"id:959100,\
phase:4,\
allow,\
t:none,\
msg:'Outbound Anomaly Score Exceeded (Total Score: %{TX.OUTBOUND_ANOMALY_SCORE})',\
tag:'anomaly-evaluation',\
ver:'OWASP_CRS/3.4.0-dev',\
setvar:'tx.anomaly_score=+%{tx.outbound_anomaly_score}'"
- Setelah itu buka file selanjutnya di
REQUEST-949-BLOCKING-EVALUATION.conf, dengan cara yang sama
vim REQUEST-949-BLOCKING-EVALUATION.conf
SecRule TX:ANOMALY_SCORE "@ge %{tx.inbound_anomaly_score_threshold}" \
"id:949110,\
phase:2,\
allow,\
t:none,\
msg:'Inbound Anomaly Score Exceeded (Total Score: %{TX.ANOMALY_SCORE})',\
tag:'application-multi',\
tag:'language-multi',\
tag:'platform-multi',\
tag:'attack-generic',\
ver:'OWASP_CRS/3.4.0-dev',\
severity:'CRITICAL',\
setvar:'tx.inbound_anomaly_score=%{tx.anomaly_score}'"
- Setelah dirubah cek kembali server nginx dan restart
sudo nginx -t
systemctl restart nginx