Linux / Note ກັນລືມ

ປັນຫາ OWASP Modsecurity ກັບ WordPress ໃນ Apache

by Os555 · Published April 12, 2015 · Updated May 9, 2017

ພໍດີລຸງໄດ້ມີໂອກາດປັບຄວາມປອດໄພຂອງເຊີບເວີຂຶ້ນອີກລະດັບດ້ວຍການປັບ Modsecurity ແລະ OWASP ແຕ່ມັນດັນໄປເຮັດໃຫ້ WordPress ເຮັດວຽກຜິດພາດ ເພາະມັນໄປບລັອກ ບາງຄຳສັ່ງຂອງ ເວີດເພຣສ ກໍເລີຍໄປຫາເບິ່ງວິທີແກ້

ກໍພົບແທ້ໆ ເຊິ່ງວິທີແກ້ແມ່ນການເພີ່ມ Rule ໃຫ້ກັບ ModSecurity ເພື່ອໃຫ້ມັນ ບໍ່ກວດຈັບ ໄຟລຂອງເວີດເພຣສ

ດັ່ງນີ້:

ໃຫ້ແກ້ໄຂໃນໄຟລ ຄອນຟິກຂອງ Modsecurity

ຂອງລູງແມ່ນໄຟລນີ້ /etc/httpd/conf/crs/modsecurity_crs_10_setup.conf

ຈາກນັ້ນເພິ່ມຄຳສັ່ງນີ້ລົງໄປ

<LocationMatch “/”>
SecRuleRemoveById 981172 981173 981257 960024 981245 981246 981243
</LocationMatch>

<LocationMatch “/wp-admin/load-(scripts|styles).php”>
SecRuleRemoveById 981173
</LocationMatch>

<LocationMatch “/wp-admin/post.php”>
SecRuleRemoveById 300015 300016 300017 950907 950005 950006 960008 960011 960904 959006 950901 981257 973300 973304 973335 981317 950001 959073 981248 981205 970901 981244
SecRuleRemoveById phpids-17
SecRuleRemoveById phpids-20
SecRuleRemoveById phpids-21
SecRuleRemoveById phpids-30
SecRuleRemoveById phpids-61

# Custom
SecRuleRemoveById 981172 981173 981318 960024 981245
</LocationMatch>

<LocationMatch “/wp-admin/admin-ajax.php”>
SecRuleRemoveById 300015 300016 300017 950907 950005 950006 960008 960011 960904 959006 950901
SecRuleRemoveById phpids-17
SecRuleRemoveById phpids-20
SecRuleRemoveById phpids-21
SecRuleRemoveById phpids-30
SecRuleRemoveById phpids-61

# Custom
SecRuleRemoveById 981172 981173 981318 960024 981245
</LocationMatch>

<LocationMatch “/wp-admin/page.php”>
SecRuleRemoveById 300015 300016 300017 950907 950005 950006 960008 960011 960904
SecRuleRemoveById phpids-17
SecRuleRemoveById phpids-20
SecRuleRemoveById phpids-21
SecRuleRemoveById phpids-30
SecRuleRemoveById phpids-61

# Custom
SecRuleRemoveById 981172
</LocationMatch>

<LocationMatch “/wp-admin/options.php”>
SecRuleRemoveById 300015 300016 300017 950907 950005 950006 960008 960011 960904 959006
SecRuleRemoveById phpids-17
SecRuleRemoveById phpids-20
SecRuleRemoveById phpids-21
SecRuleRemoveById phpids-30
SecRuleRemoveById phpids-61

# Custom
SecRuleRemoveById 981172
</LocationMatch>

<LocationMatch “/wp-admin/theme-editor.php”>
SecRuleRemoveById 300015 300016 300017 950907 950005 950006 960008 960011 960904 959006
SecRuleRemoveById phpids-17
SecRuleRemoveById phpids-20
SecRuleRemoveById phpids-21
SecRuleRemoveById phpids-30
SecRuleRemoveById phpids-61

# Custom
SecRuleRemoveById 981172

</LocationMatch>

Debit: http://remotenode.org/?p=17

Share

Tags: apache block linux owasp wordpress

You may also like...