Probleme mit mod_security

toberkel · Beitrag von **toberkel** » Do 24. Apr 2008, 23:04

Hallo,

ich habe leider ein kleines Problem mit mod_security. Ich verwende die Rules von gotroot.com. Das funktioniert soweit auch gut, allerdings habe ich nun ein kleines Problem. Ich habe folgende Regel in die excludes.conf eingefügt:

Code: Alles auswählen

<LocationMatch "/front_content.php?action=10">
  SecFilterRemove 300016
  SecFilterRemove 300018
</LocationMatch>

Leider scheint das nicht _richtig_ zu funktionieren. Nachdem ich diese Regal aktiviert habe, war mein Problem zunächst beseitigt, allerdings nicht auf allen Seiten. Auf einigen Seiten zieht die Regel nicht, obwohl die URL front_content.php?action=10 ist. Hier mal ein Logauszug vom mod_security:

Code: Alles auswählen

==30a7ea32==============================
Request: www.domain.de 85.176.88.142 - - [24/Apr/2008:19:45:08 +0200] "POST /front_content.php?action=10&idcat=43&idart=50&idartlang=50&type=CMS_HTMLHEAD&typenr=1&contenido=9f1f6ff627ed018ee44e42525390df55 HTTP/1.1" 403 227 "http://www.domain.de/front_content.php?changeview=edit&action=con_editart&idartlang=50&type=&typenr=&idart=50&idcat=43&idcatart=&lang=1&contenido=9f1f6ff627ed018ee44e42525390df55" "Mozilla/5.0 (Macintosh; U; Intel Mac OS X; de; rv:1.8.1.14) Gecko/20080404 Firefox/2.0.0.14" - "-"
Handler: x-httpd-php
----------------------------------------
POST /front_content.php?action=10&idcat=43&idart=50&idartlang=50&type=CMS_HTMLHEAD&typenr=1&contenido=9f1f6ff627ed018ee44e42525390df55 HTTP/1.1
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Accept-Encoding: gzip,deflate
Accept-Language: de-de,de;q=0.8,en-us;q=0.5,en;q=0.3
Connection: keep-alive
Content-Length: 13931
Content-Type: application/x-www-form-urlencoded
Cookie: style=norm_small
Host: www.domain.de
Keep-Alive: 300
Referer: http://www.domain.de/front_content.php?changeview=edit&action=con_editart&idartlang=50&type=&typenr=&idart=50&idcat=43&idcatart=&lang=1&contenido=9f1f6ff627ed018ee44e42525390df55
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X; de; rv:1.8.1.14) Gecko/20080404 Firefox/2.0.0.14
mod_security-action: 403
mod_security-message: Access denied with code 403. Pattern match "!/imp/login\\.php" at HEADER("Referer") [id "300018"][rev "3"] [msg "Generic PHP code injection protection via ARGS"] [severity "CRITICAL"]

13931
changeview=edit&data=50%7C1%7CPartner+World+Wide%7CHTMLHEAD%7C%7C50%7C2%7C%26nbsp%3B%7CHTMLHEAD%7C%7C50%7C1%7C++++++%3Ctable+border%3D%220%22+cellpadding%3D%221%22+cellspacing%3D%221%22+width%3D%22520%22%3E++++++++++++++++++++%3Ctbody%3E%3Ctr%3E++++++++++++++++++++%3Ctd+valign%3D%22top%22+width%3D%22180%22%3E+++++++++++++++++++++++++++%3Cp%3EBelgium+%26amp%3B+Netherlands%3Cbr%3E++++++++++%3Cspan+class%3D%22bildbox-l%22%3E%3Cimg+src%3D%22upload%2Fbilder%2FLogos%2FTMS_LOGO_01.png%22+alt%3D%22bilder%2FLogos%2FTMS_LOGO_01.png%22+title%3D%22bilder%2FLogos%2FTMS_LOGO_01.png%22+border%3D%220%22+height%3D%2236%22+width%3D%2280%22%3E%3C%2Fspan%3E%3Cbr%3E++++%3C%2Fp%3E++++++++++++++++++++++%3C%2Ftd%3E+++++++++++++++++++++++++++++++++++++++%3Ctd%3E+++++++++++++++++++++++++++%3Cp%3E%3Cstrong%3ET+%26amp%3B+M+Systems+B.+V.%3Cbr%3E++++++++++++++++++++Contact+person%3A+Mr.+Jean+Helleboog%3C%2Fstrong%3E%3Cbr%3E+++++++++++++++++++++Centaurusweg+148-b%3Cbr%3E+++++++++++++++++++++NL-5015+Tilburg%3Cbr%3E+++++++++++++++++++++The+Netherlands%3Cbr%3E++++++++++++++++++++++Tel%3A+%2B31-134639540%3Cbr%3E+++++++++++++++++++++Fax%3A+%2B31-134639663%3Cbr%3E+++++++++++++++++++++Email%3A+%3Ca+href%3D%22mailto%3AJ.Helleboog%40TMsystems.nl%22%3EJ.Helleboog%40TMsystems.nl%3C%2Fa%3E%3Cbr%3E+++++++++++++++++++++Site%3A+%3Ca+href%3D%22http%3A%2F%2Fwww.tmsystems.nl%2F%22%3Ehttp%3A%2F%2Fwww.TMsystems.nl%3C%2Fa%3E++%3C%2Fp%3E+++++++++++++++++++++%3C%2Ftd%3E++++++++++++++++++++%3C%2Ftr%3E+++++++++++++++++++++++++++++++++++++++%3Ctr%3E++++++++++++++++++++%3Ctd+align%3D%22%22+height%3D%22%22+valign%3D%22top%22+width%3D%22%22%3E+++++++%3Cp%3ECyprus%3Cbr%3E+++++++++%3Cspan+class%3D%22bildbox-l%22%3E%3Cimg+src%3D%22upload%2Fbilder%2FLogos%2Fmedisell_LOGO.png%22+alt%3D%22bilder%2FLogos%2Fmedisell_LOGO.png%22+title%3D%22bilder%2FLogos%2Fmedisell_LOGO.png%22+border%3D%220%22+height%3D%2219%22+width%3D%2280%22%3E%3C%2Fspan%3E%3Cbr%3E+++%3C%2Fp%3E+++++++++++++++++++++%3C%2Ftd%3E+++++++++++++++++++++++++++++++++++++++%3Ctd%3E+++++++++++++++++++++++++++%3Cp%3E%3Cstrong%3EMedisell+Co.+Ltd.%3Cbr%3E++++++++++++++++++++Contact+person%3A+Mr.+George+Orthodoxou%3C%2Fstrong%3E%3Cbr%3E+++++++++++++++++++++Vouliagmenis+8%3Cbr%3E+++++++++++++++++++++CY-2033+Strovolos%3Cbr%3E+++++++++++++++++++++Lefkosia+Cyprus%3Cbr%3E++++++++++++++++++++++Tel%3A+%2B357-22-494300%3Cbr%3E+++++++++++++++++++++Fax%3A+%2B357-22-2311362%3Cbr%3E+++++++++++++++++++++Email%3A+%3Ca+href%3D%22mailto%3AG.Orthodoxou%40medisell.com.cy%22%3EG.Orthodoxou%40medisell.com.cy%3C%2Fa%3E%3Cbr%3E+++++++++++++++++++++Site%3A+%3Ca+href%3D%22http%3A%2F%2Fwww.medisell.com.cy%2F%22%3Ehttp%3A%2F%2Fwww.medisell.com.cy%2F%3C%2Fa%3E%3C%2Fp%3E+++++++++++++++++++++%3C%2Ftd%3E++++++++++++++++++++%3C%2Ftr%3E+++++++++++++++++++++++++++++++++++++++%3Ctr%3E+++++%3Ctd+align%3D%22%22+height%3D%22%22+valign%3D%22top%22+width%3D%22%22%3E++++%3Cp%3ECzech+Republic%3Cbr%3E++++++++++%3Cspan+class%3D%22bildbox-l%22%3E%3Cimg+src%3D%22upload%2Fbilder%2FLogos%2FEnvitech_LOGO_01.png%22+alt%3D%22bilder%2FLogos%2FEnvitech_LOGO_01.png%22+title%3D%22bilder%2FLogos%2FEnvitech_LOGO_01.png%22+border%3D%220%22+height%3D%2257%22+width%3D%2280%22%3E%3C%2Fspan%3E%3Cbr%3E++++%3C%2Fp%3E++++%3C%2Ftd%3E+++++++++%3Ctd%3E+++%3Cp%3E%3Cstrong%3EENVItech+Bohemia+s.r.o.%3C%2Fstrong%3E%3Cbr%3E++++++++++++%3Cstrong%3EContact+person%3A+Zdenek+Kropac%3C%2Fstrong%3E%3Cbr%3E++++++Ovocna+34%3Cbr%3E++++++161+00+Praha+6%3Cbr%3E++++Czech+Republic%3Cbr%3E++++++Tel%3A+%2B420-257-312+750%3Cbr%3E++++++Fax%3A+%2B420-257-311+780%3Cbr%3E++++++Email%3A+%3Ca+target%3D%22_self%22+href%3D%22mailto%3Aeb%40envitech-bohemia.cz%22%3Eeb%40envitech-bohemia.cz%3C%2Fa%3E%3Cbr%3E++++++Site%3A+%3Ca+href%3D%22http%3A%2F%2Fwww.envitech-bohemia.cz%2F%22%3Ehttp%3A%2F%2Fwww.envitech-bohemia.cz%3C%2Fa%3E%3C%2Fp%3E+++%3C%2Ftd%3E+++++%3C%2Ftr%3E+++++++++%3Ctr%3E++++++++++++++++++++%3Ctd+align%3D%22%22+height%3D%22%22+valign%3D%22top%22+width%3D%22%22%3E+++++++%3Cp%3EFrance%3Cbr%3E+++%3Cspan+class%3D%22bildbox-l%22%3E%3Cimg+src%3D%22upload%2Fbilder%2FLogos%2Fecomesure_LOGO.png%22+alt%3D%22bilder%2FLogos%2Fecomesure_LOGO.png%22+title%3D%22bilder%2FLogos%2Fecomesure_LOGO.png%22+border%3D%220%22+height%3D%2221%22+width%3D%2280%22%3E%3C%2Fspan%3E%3Cbr%3E+++%3C%2Fp%3E+++++++++++++++++++++%3C%2Ftd%3E+++++++++++++++++++++++++++++++++++++++%3Ctd%3E+++++++++++++++++++++++++++%3Cp%3E%3Cstrong%3EECOMESURE%3Cbr%3E++++++++++++++++++++Contact+person%3A+Mr.+Claude+Chambre%3C%2Fstrong%3E%3Cbr%3E+++++++++++++++++++++3+rue+du+Grand+C%E8dre%3Cbr%3E+++++++++++++++++++++F+-+91640%3Cbr%3E+++++++++++++++++++++France%3Cbr%3E++++++++++++++++++++++Tel%3A+%2B33-1-64+90+55+55%3Cbr%3E+++++++++++++++++++++Fax%3A+%2B33-1-64+90+55+66%3Cbr%3E+++++++++++++++++++++Email%3A+%3Ca+href%3D%22mailto%3Acontact%40ecomesure.com%22%3Econtact%40ecomesure.com%3C%2Fa%3E%3Cbr%3E+++++++++++++++++++++Site%3A+%3Ca+href%3D%22http%3A%2F%2Fwww.ecomesure.com%2F%22%3Ehttp%3A%2F%2Fwww.ecomesure.com%2F%3C%2Fa%3E%3C%2Fp%3E+++++++++++++++++++++%3C%2Ftd%3E++++++++++++++++++++%3C%2Ftr%3E+++++++++++++++++++++++++++++++++++++++%3Ctr%3E++++++++++++++++++++%3Ctd+align%3D%22%22+height%3D%22%22+valign%3D%22top%22+width%3D%22%22%3E+++++++%3Cp%3EGreat+Britain%3Cbr%3E+++%3Cspan+class%3D%22bildbox-l%22%3E%3Cimg+src%3D%22upload%2Fbilder%2FLogos%2Fbiral_LOGO.png%22+alt%3D%22bilder%2FLogos%2Fbiral_LOGO.png%22+title%3D%22bilder%2FLogos%2Fbiral_LOGO.png%22+border%3D%220%22+height%3D%2238%22+width%3D%2280%22%3E%3C%2Fspan%3E%3Cbr%3E+++++++++++++++++++++%3C%2Fp%3E+++++++++++++++++++++%3C%2Ftd%3E+++++++++++++++++++++++++++++++++++++++%3Ctd%3E+++++++++++++++++++++++++++%3Cp%3E%3Cstrong%3EBIRAL%3Cbr%3E++++++++++++++++++++Contact+person%3A+Mr.+Richard+Mc+Kay%3C%2Fstrong%3E%3Cbr%3E+++++++++++++++++++++P.O.Box+2%3Cbr%3E+++++++++++++++++++++Portishead%3Cbr%3E+++++++++++++++++++++Bristol+BS20+7BL%3Cbr%3E+++++++++++++++++++++Great+Britain%3Cbr%3E++++++++++++++++++++++Tel%3A+%2B44-1275-847787%3Cbr%3E+++++++++++++++++++++Fax%3A+%2B44-1275-847303%3Cbr%3E+++++++++++++++++++++Email%3A+%3Ca+href%3D%22mailto%3Amckay%40biral.com%22%3Emckay%40biral.com%3C%2Fa%3E+or+%3Ca+href%3D%22mailto%3Amet%40biral.com%22%3Emet%40biral.com%3C%2Fa%3E%3Cbr%3E+++++++++++++++++++++Site%3A+%3Ca+href%3D%22http%3A%2F%2Fwww.biral.com%2F%22%3Ehttp%3A%2F%2Fwww.biral.com%2F%3C%2Fa%3E%3C%2Fp%3E+++++++++++++++++++++%3C%2Ftd%3E++++++++++++++++++++%3C%2Ftr%3E+++++++++++++++++++++++++++++++++++++++%3Ctr%3E++++++++++++++++++++%3Ctd+align%3D%22%22+height%3D%22%22+valign%3D%22top%22+width%3D%22%22%3E+++++++%3Cp%3EIreland%3C%2Fp%3E+++++++++++++++++++++%3C%2Ftd%3E+++++++++++++++++++++++++++++++++++++++%3Ctd%3E+++++++++++++++++++++++++++%3Cp%3E%3Cstrong%3EMeasurIT+Technologies+Ltd.%3Cbr%3E++++++++++++++++++++Contact+person%3A+Mr.+Mark+Radford%3C%2Fstrong%3E%3Cbr%3E+++++++++++++++++++++56+Southern+Cross+Business+Park%3Cbr%3E+++++++++++++++++++++Bray%2C+Co.+Wicklow%3Cbr%3E+++++++++++++++++++++Ireland%3Cbr%3E++++++++++++++++++++++Tel%3A+%2B353-12768104%3Cbr%3E+++++++++++++++++++++Fax%3A+%2B353-12768941%3Cbr%3E+++++++++++++++++++++Email%3A+%3Ca+href%3D%22mailto%3Amark%40measurIT.com%22%3Emark%40measurIT.com%3C%2Fa%3E%3Cbr%3E+++++++++++++++++++++Site%3A+%3Ca+href%3D%22http%3A%2F%2Fwww.measurit.com%2F%22%3Ehttp%3A%2F%2Fwww.measurit.com%2F%3C%2Fa%3E%3C%2Fp%3E+++++++++++++++++++++%3C%2Ftd%3E++++++++++++++++++++%3C%2Ftr%3E+++++++++++++++++++++++++++++++++++++++%3Ctr%3E++++++++++++++++++++%3Ctd+align%3D%22%22+height%3D%22%22+valign%3D%22top%22+width%3D%22%22%3E+++++++%3Cp%3EKorea%3Cbr%3E+++%3Cspan+class%3D%22bildbox-l%22%3E%3Cimg+src%3D%22upload%2Fbilder%2FLogos%2Fapm_logo.png%22+alt%3D%22bilder%2FLogos%2Fapm_logo.png%22+title%3D%22bilder%2FLogos%2Fapm_logo.png%22+border%3D%220%22+height%3D%2224%22+width%3D%2280%22%3E%3C%2Fspan%3E%3Cbr%3E+++%3C%2Fp%3E+++++++++++++++++++++%3C%2Ftd%3E+++++++++++++++++++++++++++++++++++++++%3Ctd%3E+++++++++++++++++++++++++++%3Cp%3E%3Cstrong%3EAPM+Engineering+Co.%2C+Ltd.%3Cbr%3E++++++++++++++++++++Contact+person%3A+Mr.+G.+H.+Yoon%3C%2Fstrong%3E%3Cbr%3E++++++++++++++++++++202-808+Bucheon+Techno-Park%2C+192%2C+Yakdae-Dong%2C+Wonmi-Ku%2C%3Cbr%3E++++++++++++++++++++Bucheon-City%2C+Kyunggi-Do%2C+KOREA.+Zip+code%26nbsp%3B+420-733+%3Cbr%3E++++++++++++++++++++++Tel%3A+%2B82-32-219-7700%3Cbr%3E+++++++++++++++++++++Fax%3A+%2B82-32-219-7707%3Cbr%3E+++++++++++++++++++++Email%3A+%3Ca+href%3D%22mailto%3Aapmkorea%40hitel.net%22%3Eapmkorea%40hitel.net%3C%2Fa%3E%3Cbr%3E+++++++++++++++++++++Site%3A+%3Ca+href%3D%22http%3A%2F%2Fwww.apmkorea.co.kr%2F%22%3Ehttp%3A%2F%2Fwww.apmkorea.co.kr%2F%3C%2Fa%3E%3C%2Fp%3E+++++++++++++++++++++%3C%2Ftd%3E++++++++++++++++++++%3C%2Ftr%3E+++++++++++++++++++++++++++++++++++++++%3Ctr%3E++++++++++++++++++++%3Ctd+align%3D%22%22+height%3D%22%22+valign%3D%22top%22+width%3D%22%22%3E+++++++%3Cp%3EMaroc%3C%2Fp%3E+++++++++++++++++++++%3C%2Ftd%3E+++++++++++++++++++++++++++++++++++++++%3Ctd%3E+++++++++++++++++++++++++++%3Cp%3E%3Cstrong%3ECOFAS+S.A.%3Cbr%3E++++++++++++++++++++Contact+person%3A+Mr.+A.+Mouhriz%3C%2Fstrong%3E%3Cbr%3E+++++++++++++++++++++2%2C+Rue+Ibnou+Al+Arif%3Cbr%3E+++++++++++++++++++++M%E2arif+%2F+Casablanca%3Cbr%3E++++++++++++++++++++++Tel%3A+%2B2122-2-230076%3Cbr%3E+++++++++++++++++++++Fax%3A+%2B2122-2-232033%3Cbr%3E+++++++++++++++++++++Email%3A+%3Ca+href%3D%22mailto%3ACofas%40mail.net.ma%22%3ECofas%40mail.net.ma%3C%2Fa%3E%3C%2Fp%3E+++++++++++++++++++++%3C%2Ftd%3E++++++++++++++++++++%3C%2Ftr%3E+++++++++++++++++++++++++++++++++++++++%3Ctr%3E++++++++++++++++++++%3Ctd+align%3D%22%22+height%3D%22%22+valign%3D%22top%22+width%3D%22%22%3E+++++++++++++++++++++++++++%3Cp%3EPortugal%3C%2Fp%3E+++++++++++++++++++++%3C%2Ftd%3E+++++++++++++++++++++++++++++++++++++++%3Ctd%3E+++++++++++++++++++++++++++%3Cp%3E%3Cstrong%3EV%F3rtice+Equipmentos+Cientificos%2C+Ltd.%3Cbr%3E++++++++++++++++++++Contact+person%3A+Mr.+Luis+Chaves+da+Costa%3C%2Fstrong%3E%3Cbr%3E+++++++++++++++++++++Rue+de+Xabregas%2C+20-Piso+2%2C+Esc+204%3Cbr%3E+++++++++++++++++++++P-1900+Lisabon%3Cbr%3E++++++++++++++++++++++Tel%3A+%2B351-1-8683559%3Cbr%3E+++++++++++++++++++++Fax%3A+%2B351-1-8682946%3Cbr%3E+++++++++++++++++++++Email%3A+%3Ca+href%3D%22mailto%3Ageral%40esoterica.pt%22%3Egeral%40esoterica.pt%3C%2Fa%3E%3Cbr%3E+++++++++++++++++++++Site%3A+%3Ca+href%3D%22http%3A%2F%2Fwww.vortice-ida.pt%22%3Ehttp%3A%2F%2Fwww.vortice-lda.pt%2F%3C%2Fa%3E%3C%2Fp%3E+++++++++++++++++++++%3C%2Ftd%3E++++++++++++++++++++%3C%2Ftr%3E+++++++++++++++++++++++++++++++++++++++%3Ctr%3E++++++++++++++++++++%3Ctd+align%3D%22%22+height%3D%22%22+valign%3D%22top%22+width%3D%22%22%3E+++++++++++++++++++++++++++%3Cp%3ESpain%3Cbr%3E+++%3Cspan+class%3D%22bildbox-l%22%3E%3Cimg+src%3D%22upload%2Fbilder%2FLogos%2FTCA_LOGO.png%22+alt%3D%22bilder%2FLogos%2FTCA_LOGO.png%22+title%3D%22bilder%2FLogos%2FTCA_LOGO.png%22+border%3D%220%22+height%3D%2229%22+width%3D%2280%22%3E%3C%2Fspan%3E%3Cbr%3E+++%3C%2Fp%3E+++++++++++++++++++++%3C%2Ftd%3E+++++++++++++++++++++++++++++++++++++++%3Ctd%3E+++++++++++++++++++++++++++%3Cp%3E%3Cstrong%3ETCA-Technicas+de+Control+y+Analisis%2C+S.A.%3Cbr%3E++++++++++++++++++++Contact+person%3A+Mr.+Alberto+Flores%3C%2Fstrong%3E%3Cbr%3E+++++++++++++++++++++c%2FGerard+Piera%2C+3%3Cbr%3E+++++++++++++++++++++E-08028+Barcelona%3Cbr%3E++++++++++++++++++++++Tel%3A+%2B34-93-4091280%3Cbr%3E+++++++++++++++++++++Fax%3A+%2B34-93-4112335%3Cbr%3E+++++++++++++++++++++Email%3A+%3Ca+href%3D%22mailto%3Aflores%40tca.es%22%3Eflores%40tca.es%3C%2Fa%3E%3Cbr%3E+++++++++++++++++++++Site%3A+%3Ca+href%3D%22http%3A%2F%2Fwww.tca.es%2F%22%3Ehttp%3A%2F%2Fwww.tca.es%2F%3C%2Fa%3E%3C%2Fp%3E+++++++++++++++++++++%3C%2Ftd%3E++++++++++++++++++++%3C%2Ftr%3E+++++++++++++++++++++++++++++++++++++++%3Ctr%3E++++++++++++++++++++%3Ctd+align%3D%22%22+height%3D%22%22+valign%3D%22top%22+width%3D%22%22%3E+++++++++++++++++++++++++++%3Cp%3ESwitzerland%3C%2Fp%3E+++++++++++++++++++++%3C%2Ftd%3E+++++++++++++++++++++++++++++++++++++++%3Ctd%3E+++++++++++++++++++++++++++%3Cp%3E%3Cstrong%3EABISSA+Environment+SA%3Cbr%3E++++++++++++++++++++Contact+person%3A+Mr.+Fr%E9d%E9ric+de+de+Rutt%E9%3C%2Fstrong%3E%3Cbr%3E+++++++++++++++++++++Avenue+des+Mouettas%3Cbr%3E+++++++++++++++++++++CH+-+1027+Lonay%3Cbr%3E+++++++++++++++++++++Switzerland%3Cbr%3E++++++++++++++++++++++Tel%3A+%2B%2B41-21-803+71+82%3Cbr%3E+++++++++++++++++++++Fax%3A+%2B%2B41-21-803+71+88%3Cbr%3E+++++++++++++++++++++Email%3A+%3Ca+href%3D%22mailto%3Aabissa_environment%40bluewin.ch%22%3Eabissa_environment%40bluewin.ch%3C%2Fa%3E%3C%2Fp%3E+++++++++++++++++++++%3C%2Ftd%3E++++++++++++++++++++%3C%2Ftr%3E+++++++++++++++++++++++++++++++++++++++%3Ctr%3E++++++++++++++++++++%3Ctd+align%3D%22%22+height%3D%22%22+valign%3D%22top%22+width%3D%22%22%3E+++++++++++++++++++++++++++%3Cp%3ETurkey%3Cbr%3E+++%3Cspan+class%3D%22bildbox-l%22%3E%3Cimg+src%3D%22upload%2Fbilder%2FLogos%2FNormtest_LOGO.png%22+alt%3D%22bilder%2FLogos%2FNormtest_LOGO.png%22+title%3D%22bilder%2FLogos%2FNormtest_LOGO.png%22+border%3D%220%22+height%3D%2221%22+width%3D%2280%22%3E%3C%2Fspan%3E%3Cbr%3E+++%3C%2Fp%3E+++++++++++++++++++++%3C%2Ftd%3E+++++++++++++++++++++++++++++++++++++++%3Ctd%3E+++++++++++++++++++++++++++%3Cp%3E%3Cstrong%3ENormtest+Dis+Ticaret+Ltd+Sirketi%3C%2Fstrong%3E%3Cbr%3E+++++++++++++++++++++++++++%3Cstrong%3EContact+person%3A+Mr.+Mehmet+T%FCrken%3C%2Fstrong%3E%3Cbr%3E+++++++++++++++++++++Sedat+Simavi+Sokak+22%2F5%3Cbr%3E+++++++++++++++++++++%C7ankaya%3Cbr%3E+++++++++++++++++++++06680+Ankara%3Cbr%3E+++++++++++++++++++++Turkey%3Cbr%3E++++++++++++++++++++++Tel%3A+%2B90-312-4418839%3Cbr%3E+++++++++++++++++++++Fax%3A+%2B90-312-4386495%3Cbr%3E+++++++++++++++++++++Email%3A+%3Ca+href%3D%22mailto%3Ainfo%40normtest.com.tr%22%3Einfo%40normtest.com.tr%3C%2Fa%3E%3Cbr%3E+++++++++++++++++++++Site%3A+%3Ca+href%3D%22http%3A%2F%2Fwww.normtest.com.tr%2F%22%3Ehttp%3A%2F%2Fwww.normtest.com.tr%2F%3C%2Fa%3E%3C%2Fp%3E+++++++++++++++++++++%3C%2Ftd%3E++++++++++++++++++++%3C%2Ftr%3E++++++++++++++++++++%3C%2Ftbody%3E%3C%2Ftable%3E+++++++++++++++%3Cp%3E%26nbsp%3B%3C%2Fp%3E%7CHTML%7C%7C&con_class=

HTTP/1.1 403 Forbidden
Keep-Alive: timeout=15, max=95
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=iso-8859-1
--30a7ea32--

Überseh ich evtl. was? Die Regel die mod_security dazu bringt den Request zu blocken ist doch 300018, die die ich in der excludes.conf erlaubt hab, oder nicht? Hat jemand evtl. von euch mod_security Fehlerfrei am laufen?

MfG,

toberkel

Beitrag von **xmurrix** » Sa 26. Apr 2008, 18:30

Hallo,

habe zwar keine Ahnung von mod_security, aber die Fehlermeldung

Code: Alles auswählen

mod_security-message: Access denied with code 403. Pattern match "!/imp/login\\.php" at HEADER("Referer") [id "300018"][rev "3"] [msg "Generic PHP code injection protection via ARGS"] [severity "CRITICAL"]

sagt doch aus, dass das Muster "!/imp/login\\.php" auf den Refferer Header angewand wurde und das Ergebnis true geliefert hat. Also hat die Regel "Im Refferer kommt der String /imp/login.php nicht vor" korrekt funktioniert.

Hmm, ich habe das Gefühl, dass beim Konfigurieren von mod_securitry wohl zuviel mit Copy & Paste gearbeitet wurde. In Contenido gibt es kein Verzeichnis/Script das auf "/imp/login.php" passt, das kommt z. B. in Horde vor.

Schau dir mal die Definition der Regeln an, irgendwo muss ja "/imp/login.php" auftauchen, das ist sehr wahrscheinlich bei Einsatz von Contenido fehl am Platz.

Wenn du das Backend zusätzlich schützen willst, mach einfach ein Verzeichnisschutz in das Verzeichnis "/contenido". Dann müssen Backenduser sich 2 Mal anmelden, dafür ist es doppelt gesichert.

Gruß
xmurrix

toberkel · Beitrag von **toberkel** » Mo 28. Apr 2008, 08:57

Hi,

ja, das sind Regeln von gotroot.com. Diese Regel soll eingentlich vor SQL-Injection schützen. Der Witz ist nur, ich habe diese Regel eigentlich für die front_content.php deaktiviert, leider scheint das nur nicht richtig zu ziehen...

Hat evtl. noch jemand eine Idee?