Access Denied by security policy
Aus HS Syswiki
(Unterschied zwischen Versionen)
| Zeile 24: | Zeile 24: | ||
[Tue Feb 25 03:04:14 2014] [error] [client 101.169.255.252] ModSecurity: Access denied with code 510 (phase 2). Pattern match "['\\";=]" at FILES:lokale_datei. [file | [Tue Feb 25 03:04:14 2014] [error] [client 101.169.255.252] ModSecurity: Access denied with code 510 (phase 2). Pattern match "['\\";=]" at FILES:lokale_datei. [file | ||
| − | "/usr/local/apache2/conf/mod_security2/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "73"] [id "960000"] [rev "2.2.5"] [msg "Attempted multipart/form-data | + | "/usr/local/apache2/conf/mod_security2/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "73"] [id "'''960000'''"] [rev "2.2.5"] [msg "Attempted multipart/form-data |
bypass"] [data "1 The Author's Wing.JPG"] [severity "CRITICAL"] [tag "RULE_MATURITY/7"] [tag "RULE_ACCURACY/7"] [tag "https://www.owasp.org/index.php | bypass"] [data "1 The Author's Wing.JPG"] [severity "CRITICAL"] [tag "RULE_MATURITY/7"] [tag "RULE_ACCURACY/7"] [tag "https://www.owasp.org/index.php | ||
/ModSecurity_CRS_RuleID-960000"] [hostname "www.alua.ch"] [uri "/bilder_upload.php"] [unique_id "Uwv6En8AAAIAAEMOTH8AAAAI"] | /ModSecurity_CRS_RuleID-960000"] [hostname "www.alua.ch"] [uri "/bilder_upload.php"] [unique_id "Uwv6En8AAAIAAEMOTH8AAAAI"] | ||
| − | wichtig ist die 6-Stellige Nummer, diese ist die ID der greifenden Regel. | + | wichtig ist die 6-Stellige Nummer (fett), diese ist die ID der greifenden Regel. |
Version vom 25. Februar 2014, 09:23 Uhr
Problem
Der Kunde wird durch eine server-interne Sicherheitsregel daran gehindert, Änderungen an der Webseite abzuspeichern.
er bekommt dann eine folgende Fehlermeldung:
Access denied by security policy Your request is blocked by a security policy rule Please concact the Support team, support@hoststar.ch and inform themof the Time the error occured, and anything you might have done that may have caused the error. More information about this error mey be available in the server error log. ----------------------------------------------------------------------------------------------------------------------------------- Please provide the following information to our support team: www.alua.ch | ip-Adresse (101.169.255.252) | Zeitangabe: 25.02.2014 02:57:58
Ursache
Meist handelt es sich um ein Badword oder Link, welches/welcher geblockt wird
Lösung
Zuerst auf den Server connecten und die folgende Zeile ausführen:
zgrep 101.169.255.252 /var/log/httpd/error-log-20140225.bz2 (Je nach Zeitangabe verschieden)
Danach erscheinen die Log-Einträge:
[Tue Feb 25 03:04:14 2014] [error] [client 101.169.255.252] ModSecurity: Access denied with code 510 (phase 2). Pattern match "['\\";=]" at FILES:lokale_datei. [file "/usr/local/apache2/conf/mod_security2/base_rules/modsecurity_crs_20_protocol_violations.conf"] [line "73"] [id "960000"] [rev "2.2.5"] [msg "Attempted multipart/form-data bypass"] [data "1 The Author's Wing.JPG"] [severity "CRITICAL"] [tag "RULE_MATURITY/7"] [tag "RULE_ACCURACY/7"] [tag "https://www.owasp.org/index.php /ModSecurity_CRS_RuleID-960000"] [hostname "www.alua.ch"] [uri "/bilder_upload.php"] [unique_id "Uwv6En8AAAIAAEMOTH8AAAAI"]
wichtig ist die 6-Stellige Nummer (fett), diese ist die ID der greifenden Regel.
