本文档介绍了如何配置ModSecurity来防止SQL注入攻击。通过编辑REQUEST-SELF-101-HASH.conf文件,设置规则限制特殊字符使用,并启用SQL函数名和Windows PowerShell命令的检测。配置完成后,通过Apache配置检查和服务重启确保规则生效。最后,通过示例URL验证了SQL注入防护功能。
防止SQL注入
1)cd /etc/httpd/modsecurity-crs/rules
2)vi REQUEST-SELF-101-HASH.conf
写入
#
# -=[ SQL Injection Character Anomaly Usage ]=-
#
# This is a paranoid sibling to 2.2.x Rule 981173.
# The regex limit is set to '1' and the anomaly scoring is increased to 'critical'.
# For dealing with false positives, UUID format is whitelisted with a chained rule.
# For 3.0.0-rc1 rule, see FIXME.
#
SecRule ARGS_NAMES|ARGS|XML:/* "([\~\!\@\#\$\%\^\&\*\(\)\-\+\=\{\}\[\]\|\:\;\"\'\′\’\‘\`\<\>].*?){1,}"\
"chain,\
phase:request,\
rev:'2',\
ver:'OWASP_CRS/3.0.0',\
maturity:'X',\
accuracy:'Y',\
t:none,t:urlDecodeUni,\
block,\
msg:'Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded',\
id:'981173',\
tag:'OWASP_CRS/WEB_ATTACK/SQL_INJECTION',\
tag:'Paranoia rule on level Z',\
logdata:'Matched Data: %{TX.1} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',\
severity:'CRITICAL',\
setvar:'tx.msg=%{rule.msg}',\
setvar:tx.%{rule.id}-OWASP_CRS/WEB_ATTACK/RESTRICTED_SQLI_CHARS-%{matched_var_name}=%{tx.0}"
SecRule MATCHED_VARS "!@rx ^[a-f0-9-]{36}$"\
"t:lowercase,\
setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},\
setvar:tx.sql_injection_score=+1"
#
# -=[ SQL Function Names ]=-
#
# This is a paranoid sibling to 2.2.x Rule 950001.
# The rule is no lo
1)cd /etc/httpd/modsecurity-crs/rules
2)vi REQUEST-SELF-101-HASH.conf
写入
#
# -=[ SQL Injection Character Anomaly Usage ]=-
#
# This is a paranoid sibling to 2.2.x Rule 981173.
# The regex limit is set to '1' and the anomaly scoring is increased to 'critical'.
# For dealing with false positives, UUID format is whitelisted with a chained rule.
# For 3.0.0-rc1 rule, see FIXME.
#
SecRule ARGS_NAMES|ARGS|XML:/* "([\~\!\@\#\$\%\^\&\*\(\)\-\+\=\{\}\[\]\|\:\;\"\'\′\’\‘\`\<\>].*?){1,}"\
"chain,\
phase:request,\
rev:'2',\
ver:'OWASP_CRS/3.0.0',\
maturity:'X',\
accuracy:'Y',\
t:none,t:urlDecodeUni,\
block,\
msg:'Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded',\
id:'981173',\
tag:'OWASP_CRS/WEB_ATTACK/SQL_INJECTION',\
tag:'Paranoia rule on level Z',\
logdata:'Matched Data: %{TX.1} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',\
severity:'CRITICAL',\
setvar:'tx.msg=%{rule.msg}',\
setvar:tx.%{rule.id}-OWASP_CRS/WEB_ATTACK/RESTRICTED_SQLI_CHARS-%{matched_var_name}=%{tx.0}"
SecRule MATCHED_VARS "!@rx ^[a-f0-9-]{36}$"\
"t:lowercase,\
setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},\
setvar:tx.sql_injection_score=+1"
#
# -=[ SQL Function Names ]=-
#
# This is a paranoid sibling to 2.2.x Rule 950001.
# The rule is no lo
最低0.47元/天 解锁文章
扫一扫
6370
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
