cookie中有什么东西触发了这个规则吗?任何帮助将不胜感激,谢谢!
[client 24.175.237.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "[\\\\[\\\\]\\\\x22',()\\\\.]{10}$|\\\\b(?:union\\\\sall\\\\sselect\\\\s(?:(?:null|\\\\d+),?)+|order\\\\sby\\\\s\\\\d{1,4}|(?:and|or)\\\\s\\\\d{4}=\\\\d{4}|waitfor\\\\sdelay\\\\s'\\\\d+:\\\\d+:\\\\d+'|(?:select|and|or)\\\\s(?:(?:pg_)?sleep\\\\(\\\\d+\\\\)|\\\\d+\\\\s?=\\\\s?(?:dbms_pipe\\\\.receive_message\\\\ ..." at REQUEST_COOKIES:sbjs_first. [file "/etc/apache2/modsecurity.d/rules/comodo_free/22_SQL_SQLi.conf"] [line "64"] [id "218500"] [rev "18"] [msg "COMODO WAF: SQLmap attack detected||xxx.xxx.com|F|2"] [data "Matched Data: |||tct=(none) found within REQUEST_COOKIES:sbjs_first: typ=typein|||src=(direct)|||mdm=(none)|||cmp=(none)|||cnt=(none)|||trm=(none)|||id=(none)|||plt=(none)|||fmt=(none)|||tct=(none)"] [severity "CRITICAL"] [tag "CWAF"] [tag "SQLi"] [hostname "xxx.xxx.com"] [uri "/wp-admin/"] [unique_id "Z3bpos2DNUB6e_P0DPVLigAAANQ"]
您可以在该行的
data[data "Matched Data: |||tct=(none) found within REQUEST_COOKIES:sbjs_first: typ=typein|||src=(direct)|||mdm=(none)|||cmp=(none)|||cnt=(none)|||trm=(none)|||id=(none)|||plt=(none)|||fmt=(none)|||tct=(none)"]
我不知道规则本身,但如果你认为这个cookie有有效的内容,你应该排除。