modsecurity问题…
REQUEST_METHOD测试在下面做什么?它出现了两次。
SecRule REQUEST_METHOD "!^OPTIONS$" "t:none"

SecRule &REQUEST_HEADERS:Accept "@eq 0" \
    "chain,phase:2,skip:1,t:none,deny,log,auditlog,status:400,msg:'Request Missing an Accept Header', severity:'2',id:'960015',tag:'PROTOCOL_VIOLATION/MISSING_HEADER'"
SecRule REQUEST_METHOD "!^OPTIONS$" "t:none"
SecRule REQUEST_HEADERS:Accept "^$" \
    "chain,phase:2,t:none,deny,log,auditlog,status:400,msg:'Request Missing an Accept Header', severity:'2',id:'960015',tag:'PROTOCOL_VIOLATION/MISSING_HEADER'"
SecRule REQUEST_METHOD "!^OPTIONS$" "t:none"
SecRule &REQUEST_HEADERS:User-Agent "@eq 0" \
    "skip:1,phase:2,t:none,deny,log,auditlog,status:400,msg:'Request Missing a User Agent Header',id:'960009',tag:'PROTOCOL_VIOLATION/MISSING_HEADER',severity:'4'"
SecRule REQUEST_HEADERS:User-Agent "^$" \
    "t:none,deny,log,auditlog,status:400,msg:'Request Missing a User Agent Header',id:'960009',tag:'PROTOCOL_VIOLATION/MISSING_HEADER',severity:'4'"
SecMarker 969999

求你了,不要解释整件事,其他的我都能看懂。不过,看起来这个测试是某种巫毒…
顺便说一下,REQUEST_METHOD的测试是错误的。根据http,Accept选项不是必需的。

最佳答案

尽管规则secrule request_method“!^选项$“”t:none“出现两次,但每次都与另一个规则链接。
chain是modsecurity中的一个操作,它将两个或多个规则组合起来形成一个规则。
第一条规则是:

SecRule &REQUEST_HEADERS:Accept "@eq 0" \
   "chain,phase:2,skip:1,t:none,deny,log,auditlog,status:400,msg:'Request Missing an Accept Header', severity:'2',id:'960015',tag:'PROTOCOL_VIOLATION/MISSING_HEADER'"
SecRule REQUEST_METHOD "!^OPTIONS$" "t:none"

第二条规则是:
SecRule REQUEST_HEADERS:Accept "^$" \
    "chain,phase:2,t:none,deny,log,auditlog,status:400,msg:'Request Missing an Accept Header', severity:'2',id:'960015',tag:'PROTOCOL_VIOLATION/MISSING_HEADER'"
SecRule REQUEST_METHOD "!^OPTIONS$" "t:none"

10-06 01:38