CentOS 6 \u6216 7<\/p>\n
#<\/span> rpm -q<\/span> mod_security mod_security_crs\r\nmod_security-2.7.3-5.el6.x86_64\r\nmod_security_crs-2.2.6-3.el6.noarch\r\n\r\n<\/span>#<\/span> rpm -q<\/span> mod_security mod_security_crs\r\nmod_security-2.9.2-1.el7.x86_64\r\nmod_security_crs-2.2.9-1.el7.noarch\r\n<\/span><\/code><\/pre>\n\u9996\u5148\uff0c\u5305\u62ec\u5f15\u5165\u653f\u7b56\u7b49\u3002<\/h1>\n\n- \n
\u30c7\u30d5\u30a9\u30eb\u30c8\u3067\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3055\u308c\u308b\u30eb\u30fc\u30eb\u3067\u306f\u3001\u8aa4\u691c\u77e5\u304c\u767a\u751f\u3059\u308b\u306e\u3067\u3001\u6700\u5c0f\u9650\u306e\u30eb\u30fc\u30eb\u306e\u307f\u6709\u52b9\u306b\u3057\u307e\u3059\u3002<\/ul>\n<\/li>\n<\/ul>\n <\/p>\n
\n- \n
\u73fe\u72b6\u3001\u672c\u756a\u74b0\u5883\u3067\u306e\u521d\u671f\u5c0e\u5165\u6642\u306fSQL\u30a4\u30f3\u30b8\u30a7\u30af\u30b7\u30e7\u30f3\u3068\u30af\u30ed\u30b9\u30b5\u30a4\u30c8\u30b9\u30af\u30ea\u30d7\u30c6\u30a3\u30f3\u30b0\u306b\u95a2\u3059\u308b\u30eb\u30fc\u30eb\u306e\u307f\u6b8b\u3057\u3001\u4ed6\u306f\u7121\u52b9\u306b\u3057\u307e\u3059\u3002<\/ul>\n<\/li>\n<\/ul>\n <\/p>\n
\n- \n
\u6700\u521d\u306f\u3001\u691c\u51fa\u30aa\u30f3\u30ea\u30fc\u30e2\u30fc\u30c9\u3067\u69d8\u5b50\u3092\u307f\u308b\u306e\u304c\u826f\u3055\u305d\u3046\u3067\u3059\u3002<\/ul>\n<\/li>\n<\/ul>\n <\/p>\n
\n- \n
\u958b\u767a\u74b0\u5883\u3067\u306f\u5168\u3066\u306e\u30eb\u30fc\u30eb\u3092\u6709\u52b9\u306b\u3057\u3066\u307f\u308b\u306a\u3069\u3001\u3044\u308d\u3044\u308d\u8a66\u3057\u3066\u307f\u3066\u304f\u3060\u3055\u3044\u3002\u554f\u984c\u306a\u3044\u3068\u78ba\u8a8d\u3067\u304d\u308c\u3070\u3001\u672c\u756a\u74b0\u5883\u3067\u968f\u6642\u30eb\u30fc\u30eb\u3092\u6709\u52b9\u306b\u3057\u3066\u3044\u304d\u307e\u3059\u3002<\/ul>\n<\/li>\n<\/ul>\n <\/p>\n
\n- \n
\u30c7\u30d5\u30a9\u30eb\u30c8\u3067\u306f\u30ed\u30b0\u51fa\u529b\u304c\u591a\u3044\u306e\u3067\u3001\u30c7\u30a3\u30b9\u30af\u5bb9\u91cf\u306b\u4f59\u88d5\u306e\u306a\u3044\u74b0\u5883\u3067\u306f\u8a2d\u5b9a\u3092\u8abf\u6574\u3057\u3066\u304f\u3060\u3055\u3044\u3002<\/ul>\n<\/li>\n<\/ul>\n <\/p>\n
\u672c\u756a\u74b0\u5883\u3067\u306e\u8aa4\u691c\u77e5\u767a\u751f\u306b\u305d\u306a\u3048\u3066\u3001\u7279\u5b9a\u306eURL\u3067\u30eb\u30fc\u30eb\u3092\u7121\u52b9\u306b\u3059\u308b\u65b9\u6cd5\u3092\u78ba\u8a8d\u3057\u3066\u304f\u3060\u3055\u3044\u3002<\/ul>\n\u5b89\u88c5RPM\u8f6f\u4ef6\u5305<\/h1>\n
\u4eceepel\u4ed3\u5e93\u5b89\u88c5rpm\u8f6f\u4ef6\u5305\u3002<\/p>\n
#<\/span> yum -y<\/span> install <\/span>mod_security mod_security_crs\r\n<\/code><\/pre>\nmod_security\u662fApache\u7684\u6a21\u5757\uff0cmod_security_crs\u662fWAF\u7684\u89c4\u5219\u3002<\/p>\n
\u5728\u521d\u59cb\u5f15\u5bfc\u671f\u95f4\uff0c\u5fc5\u987b\u5728\u8c03\u6574\u8bbe\u7f6e\u540e\u91cd\u65b0\u542f\u52a8 Apache \u4ee5\u4f7f\u66f4\u6539\u751f\u6548\u3002<\/p>\n
#<\/span> service httpd restart\r\n<\/code><\/pre>\n\u5728\u66f4\u6539\u8bbe\u7f6e\u65f6\uff0c\u5c06\u901a\u8fc7\u91cd\u65b0\u52a0\u8f7d\u6765\u53cd\u6620\u3002<\/p>\n
#<\/span> service httpd reload\r\n<\/code><\/pre>\n\u53ea\u4fdd\u7559SQL\u6ce8\u5165\u548c\u8de8\u7ad9\u811a\u672c\u653b\u51fb\u7684\u89c4\u5219\uff0c\u7981\u7528\u5176\u4ed6\u89c4\u5219\u3002<\/h1>\n
\u5efa\u8bae\u4e8b\u5148\u5907\u4efd\uff0cWAF\u89c4\u5219\u9ed8\u8ba4\u52a0\u8f7d\u5728\/etc\/httpd\/modsecurity.d\/activated_rule\u76ee\u5f55\u4e0b\u3002<\/p>\n
#<\/span> cd<\/span> \/etc\/httpd\/modsecurity.d\r\n#<\/span> cp<\/span> -rp<\/span> activated_rule activated_rule.orig\r\n#<\/span> cd <\/span>activated_rule\r\n#<\/span> ls<\/span> -l<\/span>\r\ntotal 88\r\n<\/span>lrwxrwxrwx 1 root root 64 Jul 3 16:21 modsecurity_35_bad_robots.data -><\/span> \/usr\/lib\/modsecurity.d\/base_rules\/modsecurity_35_bad_robots.data\r\nlrwxrwxrwx 1 root root 62 Jul 3 16:21 modsecurity_35_scanners.data -><\/span> \/usr\/lib\/modsecurity.d\/base_rules\/modsecurity_35_scanners.data\r\nlrwxrwxrwx 1 root root 69 Jul 3 16:21 modsecurity_40_generic_attacks.data -><\/span> \/usr\/lib\/modsecurity.d\/base_rules\/modsecurity_40_generic_attacks.data\r\nlrwxrwxrwx 1 root root 75 Jul 3 16:21 modsecurity_41_sql_injection_attacks.data -><\/span> \/usr\/lib\/modsecurity.d\/base_rules\/modsecurity_41_sql_injection_attacks.data\r\nlrwxrwxrwx 1 root root 62 Jul 3 16:21 modsecurity_50_outbound.data -><\/span> \/usr\/lib\/modsecurity.d\/base_rules\/modsecurity_50_outbound.data\r\nlrwxrwxrwx 1 root root 70 Jul 3 16:21 modsecurity_50_outbound_malware.data -><\/span> \/usr\/lib\/modsecurity.d\/base_rules\/modsecurity_50_outbound_malware.data\r\nlrwxrwxrwx 1 root root 77 Jul 3 16:21 modsecurity_crs_20_protocol_violations.conf -><\/span> \/usr\/lib\/modsecurity.d\/base_rules\/modsecurity_crs_20_protocol_violations.conf\r\nlrwxrwxrwx 1 root root 76 Jul 3 16:21 modsecurity_crs_21_protocol_anomalies.conf -><\/span> \/usr\/lib\/modsecurity.d\/base_rules\/modsecurity_crs_21_protocol_anomalies.conf\r\nlrwxrwxrwx 1 root root 72 Jul 3 16:21 modsecurity_crs_23_request_limits.conf -><\/span> \/usr\/lib\/modsecurity.d\/base_rules\/modsecurity_crs_23_request_limits.conf\r\nlrwxrwxrwx 1 root root 69 Jul 3 16:21 modsecurity_crs_30_http_policy.conf -><\/span> \/usr\/lib\/modsecurity.d\/base_rules\/modsecurity_crs_30_http_policy.conf\r\nlrwxrwxrwx 1 root root 68 Jul 3 16:21 modsecurity_crs_35_bad_robots.conf -><\/span> \/usr\/lib\/modsecurity.d\/base_rules\/modsecurity_crs_35_bad_robots.conf\r\nlrwxrwxrwx 1 root root 73 Jul 3 16:21 modsecurity_crs_40_generic_attacks.conf -><\/span> \/usr\/lib\/modsecurity.d\/base_rules\/modsecurity_crs_40_generic_attacks.conf\r\nlrwxrwxrwx 1 root root 79 Jul 3 16:21 modsecurity_crs_41_sql_injection_attacks.conf -><\/span> \/usr\/lib\/modsecurity.d\/base_rules\/modsecurity_crs_41_sql_injection_attacks.conf\r\nlrwxrwxrwx 1 root root 69 Jul 3 16:21 modsecurity_crs_41_xss_attacks.conf -><\/span> \/usr\/lib\/modsecurity.d\/base_rules\/modsecurity_crs_41_xss_attacks.conf\r\nlrwxrwxrwx 1 root root 72 Jul 3 16:21 modsecurity_crs_42_tight_security.conf -><\/span> \/usr\/lib\/modsecurity.d\/base_rules\/modsecurity_crs_42_tight_security.conf\r\nlrwxrwxrwx 1 root root 65 Jul 3 16:21 modsecurity_crs_45_trojans.conf -><\/span> \/usr\/lib\/modsecurity.d\/base_rules\/modsecurity_crs_45_trojans.conf\r\nlrwxrwxrwx 1 root root 75 Jul 3 16:21 modsecurity_crs_47_common_exceptions.conf -><\/span> \/usr\/lib\/modsecurity.d\/base_rules\/modsecurity_crs_47_common_exceptions.conf\r\nlrwxrwxrwx 1 root root 82 Jul 3 16:21 modsecurity_crs_48_local_exceptions.conf.example -><\/span> \/usr\/lib\/modsecurity.d\/base_rules\/modsecurity_crs_48_local_exceptions.conf.example\r\nlrwxrwxrwx 1 root root 74 Jul 3 16:21 modsecurity_crs_49_inbound_blocking.conf -><\/span> \/usr\/lib\/modsecurity.d\/base_rules\/modsecurity_crs_49_inbound_blocking.conf\r\nlrwxrwxrwx 1 root root 66 Jul 3 16:21 modsecurity_crs_50_outbound.conf -><\/span> \/usr\/lib\/modsecurity.d\/base_rules\/modsecurity_crs_50_outbound.conf\r\nlrwxrwxrwx 1 root root 75 Jul 3 16:21 modsecurity_crs_59_outbound_blocking.conf -><\/span> \/usr\/lib\/modsecurity.d\/base_rules\/modsecurity_crs_59_outbound_blocking.conf\r\nlrwxrwxrwx 1 root root 69 Jul 3 16:21 modsecurity_crs_60_correlation.conf -><\/span> \/usr\/lib\/modsecurity.d\/base_rules\/modsecurity_crs_60_correlation.conf\r\n<\/code><\/pre>\n\u6269\u5c55\u540d .data \u5305\u542b\u4e86\u7528\u4e8e\u53c2\u8003\u7684WAF\u89c4\u5219\u7b49\u5e38\u91cf\u7684\u5b9a\u4e49\u3002\u800c .conf \u5219\u662fWAF\u89c4\u5219\u7684\u5b9a\u4e49\u3002<\/p>\n
\u9664\u4e86SQL\u6ce8\u5165modsecurity_crs_41_sql_injection_attacks.conf\u548c\u8de8\u7ad9\u811a\u672cmodsecurity_crs_41_xss_attacks.conf\u4e4b\u5916\uff0c\u7981\u7528\u5176\u4ed6conf\u6587\u4ef6\u3002
\n\u5982\u679c\u4ec5\u4ec5\u5220\u9664\u7b26\u53f7\u94fe\u63a5\uff0c\u90a3\u4e48\u5728\u8fdb\u884cyum\u66f4\u65b0\u65f6\u5b83\u4eec\u4f1a\u518d\u6b21\u53d8\u4e3a\u6709\u6548\uff0c\u56e0\u6b64\u5c06\u5176\u66ff\u6362\u4e3a\u540c\u540d\u7684\u7a7a\u6587\u4ef6\u3002<\/p>\n
#<\/span> find .<\/span> -type<\/span> l -name<\/span> '*_crs_*'<\/span> | grep<\/span> -Ev<\/span> 'sql|xss'<\/span> | xargs -I<\/span>% echo rm<\/span> % \\;<\/span> touch<\/span> % | bash\r\n#<\/span> ls<\/span> -l<\/span>\r\ntotal 48\r\n<\/span>lrwxrwxrwx 1 root root 64 Jul 3 19:56 modsecurity_35_bad_robots.data -><\/span> \/usr\/lib\/modsecurity.d\/base_rules\/modsecurity_35_bad_robots.data\r\nlrwxrwxrwx 1 root root 62 Jul 3 19:56 modsecurity_35_scanners.data -><\/span> \/usr\/lib\/modsecurity.d\/base_rules\/modsecurity_35_scanners.data\r\nlrwxrwxrwx 1 root root 69 Jul 3 19:56 modsecurity_40_generic_attacks.data -><\/span> \/usr\/lib\/modsecurity.d\/base_rules\/modsecurity_40_generic_attacks.data\r\nlrwxrwxrwx 1 root root 75 Jul 3 19:56 modsecurity_41_sql_injection_attacks.data -><\/span> \/usr\/lib\/modsecurity.d\/base_rules\/modsecurity_41_sql_injection_attacks.data\r\nlrwxrwxrwx 1 root root 62 Jul 3 19:56 modsecurity_50_outbound.data -><\/span> \/usr\/lib\/modsecurity.d\/base_rules\/modsecurity_50_outbound.data\r\nlrwxrwxrwx 1 root root 70 Jul 3 19:56 modsecurity_50_outbound_malware.data -><\/span> \/usr\/lib\/modsecurity.d\/base_rules\/modsecurity_50_outbound_malware.data\r\n-rw-r--r-- 1 root root 0 Jul 3 19:56 modsecurity_crs_20_protocol_violations.conf\r\n-rw-r--r-- 1 root root 0 Jul 3 19:54 modsecurity_crs_21_protocol_anomalies.conf\r\n-rw-r--r-- 1 root root 0 Jul 3 19:54 modsecurity_crs_23_request_limits.conf\r\n-rw-r--r-- 1 root root 0 Jul 3 19:54 modsecurity_crs_30_http_policy.conf\r\n-rw-r--r-- 1 root root 0 Jul 3 19:54 modsecurity_crs_35_bad_robots.conf\r\n-rw-r--r-- 1 root root 0 Jul 3 19:54 modsecurity_crs_40_generic_attacks.conf\r\n<\/span>lrwxrwxrwx 1 root root 79 Jul 3 19:56 modsecurity_crs_41_sql_injection_attacks.conf -><\/span> \/usr\/lib\/modsecurity.d\/base_rules\/modsecurity_crs_41_sql_injection_attacks.conf\r\nlrwxrwxrwx 1 root root 69 Jul 3 19:56 modsecurity_crs_41_xss_attacks.conf -><\/span> \/usr\/lib\/modsecurity.d\/base_rules\/modsecurity_crs_41_xss_attacks.conf\r\n-rw-r--r-- 1 root root 0 Jul 3 19:54 modsecurity_crs_42_tight_security.conf\r\n-rw-r--r-- 1 root root 0 Jul 3 19:54 modsecurity_crs_45_trojans.conf\r\n-rw-r--r-- 1 root root 0 Jul 3 19:54 modsecurity_crs_47_common_exceptions.conf\r\n-rw-r--r-- 1 root root 0 Jul 3 19:54 modsecurity_crs_48_local_exceptions.conf.example\r\n-rw-r--r-- 1 root root 0 Jul 3 19:54 modsecurity_crs_49_inbound_blocking.conf\r\n-rw-r--r-- 1 root root 0 Jul 3 19:54 modsecurity_crs_50_outbound.conf\r\n-rw-r--r-- 1 root root 0 Jul 3 19:54 modsecurity_crs_59_outbound_blocking.conf\r\n-rw-r--r-- 1 root root 0 Jul 3 19:54 modsecurity_crs_60_correlation.conf\r\n<\/span><\/code><\/pre>\n\u8bf7\u6062\u590d\u7b26\u53f7\u94fe\u63a5\u4ee5\u4f7f\u5df2\u7ecf\u7981\u7528\u7684\u89c4\u5219\u751f\u6548\u3002<\/p>\n
#<\/span> ln<\/span> -sf<\/span> \/usr\/lib\/modsecurity.d\/base_rules\/modsecurity_crs_30_http_policy.conf .<\/span>\r\n<\/code><\/pre>\n\u53ef\u4ee5\u4ece\u5907\u4efd\u4e2d\u6062\u590d\u3002<\/p>\n
#<\/span> cp<\/span> -P<\/span> ..\/activated_rules.orig\/modsecurity_crs_30_http_policy.conf .<\/span>\r\n<\/code><\/pre>\n\u8981\u5c06\u9ed8\u8ba4\u8bbe\u7f6e\u6062\u590d\u5230 activated_rules \u7684\u5907\u4efd\u3002<\/p>\n
#<\/span> cd<\/span> \/etc\/httpd\/modsecurity.d\r\n#<\/span> mv <\/span>activated_rule activated_rule.bk &&<\/span> mv <\/span>activated_rule.orig activated_rule\r\n<\/code><\/pre>\n\u5982\u679c\u60a8\u9519\u8bef\u5730\u8986\u76d6\u6216\u5220\u9664\u4e86\u6587\u4ef6\u7b49\uff0c\u60f3\u8981\u56de\u5230\u9ed8\u8ba4\u72b6\u6001\uff0c\u53ef\u4ee5\u5148\u5220\u9664\u5df2\u8986\u76d6\u7684\u6587\u4ef6\uff0c\u7136\u540e\u91cd\u65b0\u5b89\u88c5 mod_security_crs \u5305\u3002<\/p>\n
#<\/span> rm<\/span> \/usr\/lib\/modsecurity.d\/base_rules\/*<\/span>.conf\r\n#<\/span> yum reinstall mod_security_crs\r\n<\/code><\/pre>\n\u65e5\u5fd7\u8f93\u51fa\u7684\u8c03\u6574<\/h1>\n
\u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c\u9519\u8bef\u65e5\u5fd7\u4f1a\u8f93\u51fa\u5230 Apache \u7684 error_log \u548c \/var\/log\/httpd\/modsec_audit.log\u3002<\/p>\n
\u5728 modsec_audit.log \u65e5\u5fd7\u6587\u4ef6\u4e2d\uff0c\u9664\u4e86\u4e0e WAF \u65e0\u5173\u7684 404 \u9519\u8bef\u5916\uff0c\u8fd8\u4f1a\u8f93\u51fa4xx\u30015xx \u9519\u8bef\u7684\u8be6\u7ec6\u4fe1\u606f\u3002\u56e0\u6b64\uff0c\u5728\u78c1\u76d8\u7a7a\u95f4\u6709\u9650\u7684\u73af\u5883\u4e2d\uff0c\u65e5\u5fd7\u5f88\u5bb9\u6613\u81a8\u80c0\u5e76\u4e14\u5b58\u5728\u5371\u9669\u3002<\/p>\n
\u5728\u53ea\u6709\u9519\u8bef\u65e5\u5fd7\u7684\u60c5\u51b5\u4e0b\u53ef\u4ee5\u5224\u65ad\u662f\u5426\u88ab\u68c0\u6d4b\u5230\uff0c\u6240\u4ee5\u5728\u62c5\u5fc3\u7684\u73af\u5883\u4e2d\uff0c\u901a\u5e38\u5e94\u5c06\u8f93\u51fa\u5230modsec_audit.log\u7684\u529f\u80fd\u5173\u95ed\uff0c\u5e76\u5728\u9700\u8981\u7684\u65f6\u5019\u6253\u5f00\u3002<\/p>\n
SecAuditEngine Off\r\n<\/code><\/pre>\n\u786e\u8ba4\u52a8\u4f5c<\/h1>\n
\u6211\u5c06\u5c1d\u8bd5\u7ed9\u60a8\u63d0\u4f9b\u4e00\u79cd\u6c49\u8bed\u7684\u539f\u751f\u8868\u8fbe\u65b9\u5f0f\uff1a
\n\u901a\u8fc7\u5728GET\u53c2\u6570\u4e2d\u6dfb\u52a0?select+union\u6765\u8fdb\u884c\u6d4b\u8bd5\uff0c\u4ee5\u786e\u8ba4\u68c0\u6d4b\u5230SQL\u6ce8\u5165\u653b\u51fb\u540e\u662f\u5426\u4f1a\u51fa\u73b0403 Forbidden\u7684\u9519\u8bef\u3002
\n\u4f8b\u5982\uff1ahttps:\/\/example.com\/hoge\/?union+select<\/p>\n
\u4ee5\u4e0b\u662f\u9519\u8bef\u65e5\u5fd7\u7684\u8f93\u51fa\u793a\u4f8b\u3002<\/p>\n
[Thu Jul 05 13:57:50 2018] [error] [client 192.168.0.100] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 3 at TX:sqli_select_statement_count. [file \"\/etc\/httpd\/modsecurity.d\/activated_rules\/modsecurity_crs_41_sql_injection_attacks.conf\"] [line \"108\"] [id \"981317\"] [rev \"2\"] [msg \"SQL SELECT Statement Anomaly Detection Alert\"] [data \"Matched Data: Connection found within TX:sqli_select_statement_count: 3\"] [ver \"OWASP_CRS\/2.2.6\"] [maturity \"8\"] [accuracy \"8\"] [tag \"OWASP_CRS\/WEB_ATTACK\/SQL_INJECTION\"] [tag \"WASCTC\/WASC-19\"] [tag \"OWASP_TOP_10\/A1\"] [tag \"OWASP_AppSensor\/CIE1\"] [tag \"PCI\/6.5.2\"] [hostname \"example.com\"] [uri \"\/hoge\/\"] [unique_id \"Wz2lTsCoAa4AAEuRGe0AAAAA\"]\r\n<\/code><\/pre>\n\u53ef\u4ee5\u901a\u8fc7grep\u5b57\u7b26\u4e32\u201cModSecurity: Access denied with code\u201d\u6765\u8c03\u67e5\u662f\u5426\u68c0\u6d4b\u5230\u4e86WAF\u3002<\/p>\n
#<\/span> grep<\/span> 'ModSecurity: Access denied with code '<\/span> \/var\/log\/httpd\/ssl_error_log\r\n<\/code><\/pre>\n\u6aa2\u6e2c\u8cc7\u8a0a\u4ee5 [\u540d\u7a31 “\u6578\u503c”] \u7684\u5f62\u5f0f\u8f38\u51fa\uff0c\u8acb\u9069\u7576\u63d2\u5165\u63db\u884c\u7b26\u865f\u3002<\/p>\n
#<\/span> grep<\/span> 'ModSecurity: Access denied with code '<\/span> \/var\/log\/httpd\/ssl_error_log | tail<\/span> -1<\/span> | sed<\/span> 's\/ \\[\/\\n[\/g'<\/span> \r\n[Thu Jul 05 13:57:50 2018]\r\n[error]\r\n[client 192.168.0.100] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 3 at TX:sqli_select_statement_count.\r\n[file \"\/etc\/httpd\/modsecurity.d\/activated_rules\/modsecurity_crs_41_sql_injection_attacks.conf\"]\r\n[line \"108\"]\r\n[id \"981317\"]\r\n[rev \"2\"]\r\n[msg \"SQL SELECT Statement Anomaly Detection Alert\"]\r\n[data \"Matched Data: Connection found within TX:sqli_select_statement_count: 3\"]\r\n[ver \"OWASP_CRS\/2.2.6\"]\r\n[maturity \"8\"]\r\n[accuracy \"8\"]\r\n[tag \"OWASP_CRS\/WEB_ATTACK\/SQL_INJECTION\"]\r\n[tag \"WASCTC\/WASC-19\"]\r\n[tag \"OWASP_TOP_10\/A1\"]\r\n[tag \"OWASP_AppSensor\/CIE1\"]\r\n[tag \"PCI\/6.5.2\"]\r\n[hostname \"example.com\"]\r\n[uri \"\/hoge\/\"]\r\n[unique_id \"Wz2lTsCoAa4AAEuRGe0AAAAA\"]\r\n\r\n<\/span><\/code><\/pre>\n\u91cd\u8981\u7684\u662f[id “981317”]\uff0c\u5728\u7981\u7528\u6b64\u89c4\u5219\u65f6\uff0c\u5e94\u6307\u5b9a\u7ed9SecRuleRemoveById\u3002<\/p>\n
\n- \n
id: \u691c\u77e5\u30eb\u30fc\u30ebID<\/ul>\n<\/li>\n<\/ul>\n <\/p>\n
\n- \n
client: \u691c\u77e5\u3055\u308c\u305f\u30af\u30e9\u30a4\u30a2\u30f3\u30c8IP<\/ul>\n<\/li>\n<\/ul>\n <\/p>\n
\n- \n
file,line: \u691c\u77e5\u30eb\u30fc\u30eb\u5b9a\u7fa9\u5834\u6240<\/ul>\n<\/li>\n<\/ul>\n <\/p>\n
\n- \n
msg: \u691c\u77e5\u30eb\u30fc\u30eb\u306e\u6982\u8981<\/ul>\n<\/li>\n<\/ul>\n <\/p>\n
\n- \n
data: \u691c\u77e5\u3055\u308c\u305f\u554f\u984c\u306e\u30c7\u30fc\u30bf<\/ul>\n<\/li>\n<\/ul>\n <\/p>\n
hostname,uri: \u691c\u77e5\u3055\u308c\u305fURL<\/ul>\n\u4f7f\u7528\u8de8\u7ad9\u811a\u672c\u653b\u51fb\uff0c\u5728\u9002\u5f53\u7684\u6587\u672c\u8868\u5355\u4e2d\u8f93\u5165javascript:alert(document.cookie)\uff0c\u5e76\u63d0\u4ea4\u4ee5\u786e\u8ba4\u662f\u5426\u51fa\u73b0403 Forbidden\u9519\u8bef\u3002\u4e0b\u9762\u662f\u9519\u8bef\u65e5\u5fd7\u7684\u793a\u4f8b\u8f93\u51fa\u3002<\/p>\n
\u8de8\u7ad9\u811a\u672c\u653b\u51fb\u662f\u6307\u5728\u9002\u5f53\u7684\u6587\u672c\u8868\u5355\u4e2d\u8f93\u5165javascript:alert(document.cookie)\uff0c\u7136\u540e\u63d0\u4ea4\u4ee5\u9a8c\u8bc1\u662f\u5426\u4f1a\u51fa\u73b0403 Forbidden\u9519\u8bef\u3002\u4ee5\u4e0b\u662f\u9519\u8bef\u65e5\u5fd7\u7684\u793a\u4f8b\u8f93\u51fa\u3002<\/p>\n
[Thu Jul 05 14:55:33 2018] [error] [client 192.168.0.100] ModSecurity: Access denied with code 403 (phase 2). Pattern match \"\\\\\\\\bdocument\\\\\\\\b\\\\\\\\s*\\\\\\\\.\\\\\\\\s*\\\\\\\\bcookie\\\\\\\\b\" at ARGS:login_email. [file \"\/etc\/httpd\/modsecurity.d\/activated_rules\/modsecurity_crs_41_xss_attacks.conf\"] [line \"107\"] [id \"958001\"] [rev \"2\"] [msg \"Cross-site Scripting (XSS) Attack\"] [data \"Matched Data: document.cookie found within ARGS:login_email: javascript:alert(document.cookie)\"] [severity \"CRITICAL\"] [ver \"OWASP_CRS\/2.2.6\"] [maturity \"8\"] [accuracy \"8\"] [tag \"OWASP_CRS\/WEB_ATTACK\/XSS\"] [tag \"WASCTC\/WASC-8\"] [tag \"WASCTC\/WASC-22\"] [tag \"OWASP_TOP_10\/A2\"] [tag \"OWASP_AppSensor\/IE1\"] [tag \"PCI\/6.5.1\"] [hostname \"example.com\"] [uri \"\/frontparts\/login_check.php\"] [unique_id \"Wz2y1cCoAa4AAEuTGnsAAAAC\"]\r\n<\/code><\/pre>\n\u9002\u5f53\u63d2\u5165\u6362\u884c\u4ee3\u7801\u3002<\/p>\n
#<\/span> grep<\/span> 'ModSecurity: Access denied with code '<\/span> \/var\/log\/httpd\/ssl_error_log | tail<\/span> -1<\/span> | sed<\/span> 's\/ \\[\/\\n[\/g'<\/span>\r\n[Thu Jul 05 14:55:33 2018]\r\n[error]\r\n[client 192.168.0.100] ModSecurity: Access denied with code 403 (phase 2). Pattern match \"\\\\\\\\bdocument\\\\\\\\b\\\\\\\\s*\\\\\\\\.\\\\\\\\s*\\\\\\\\bcookie\\\\\\\\b\" at ARGS:login_email.\r\n[file \"\/etc\/httpd\/modsecurity.d\/activated_rules\/modsecurity_crs_41_xss_attacks.conf\"]\r\n[line \"107\"]\r\n[id \"958001\"]\r\n[rev \"2\"]\r\n[msg \"Cross-site Scripting (XSS) Attack\"]\r\n[data \"Matched Data: document.cookie found within ARGS:login_email: javascript:alert(document.cookie)\"]\r\n[severity \"CRITICAL\"]\r\n[ver \"OWASP_CRS\/2.2.6\"]\r\n[maturity \"8\"]\r\n[accuracy \"8\"]\r\n[tag \"OWASP_CRS\/WEB_ATTACK\/XSS\"]\r\n[tag \"WASCTC\/WASC-8\"]\r\n[tag \"WASCTC\/WASC-22\"]\r\n[tag \"OWASP_TOP_10\/A2\"]\r\n[tag \"OWASP_AppSensor\/IE1\"]\r\n[tag \"PCI\/6.5.1\"]\r\n[hostname \"example.com\"]\r\n[uri \"\/frontparts\/login_check.php\"]\r\n[unique_id \"Wz2y1cCoAa4AAEuTGnsAAAAC\"]\r\n<\/span><\/code><\/pre>\n\u4ecePOST\u53c2\u6570ARGS: login_email\u4e2d\u53ef\u4ee5\u68c0\u6d4b\u5230\u8f93\u5165\u7684\u503cjavascript: alert(document.cookie)\u3002<\/p>\n
\u9274\u4e8e\u53e5\u5b50\u8fc7\u957f\uff0c\u4ee5\u4e0b\u662f\u8981\u70b9\u6982\u62ec\uff1a<\/p>\n
#<\/span> tail<\/span> -1<\/span> \/var\/log\/httpd\/ssl_error_log | perl -nle<\/span> '\/^(?:.*? ){3}(.*?) .*id \"(.*?)\".*msg \"(.*?)\"\/ && print \"$1 $2 $3\"'<\/span>\r\n<\/code><\/pre>\n\u7981\u7528WAF\u89c4\u5219<\/h1>\n
\u5982\u679c\u9519\u8bef\u5730\u68c0\u6d4b\u5230\u7528\u6237\u7684\u5408\u6cd5\u8bf7\u6c42\u5bfc\u81f4\u4e86\u865a\u5047\u9633\u6027\u7684\u53d1\u751f\uff0c\u6211\u4eec\u4f1a\u7acb\u523b\u7981\u7528WAF\u89c4\u5219\u6765\u8fdb\u884c\u5e94\u5bf9\u3002
\n\u5982\u679c\u68c0\u6d4b\u7ed3\u679c\u6b63\u786e\u4e14\u662f\u5e94\u7528\u7a0b\u5e8f\u65b9\u9762\u7684\u95ee\u9898\uff0c\u6211\u4eec\u4f1a\u4fee\u6b63\u540e\u91cd\u65b0\u542f\u7528\u89c4\u5219\u3002<\/p>\n
\u5982\u679cWAF\u68c0\u6d4b\u5230\u4e86\uff0c\u901a\u5e38\u4f1a\u9ed8\u8ba4\u8fd4\u56de403 Forbidden\u3002\u7531\u4e8e\u57fa\u672c\u8ba4\u8bc1\u548cIP\u9650\u5236\u4e5f\u4f1a\u5f15\u53d1\u6b64\u95ee\u9898\uff0c\u56e0\u6b64\u9700\u8981\u901a\u8fc7\u65e5\u5fd7\u786e\u8ba4\u662f\u5426\u662fWAF\u5f15\u8d77\u7684\u3002<\/p>\n
\u5b9a\u5236\u89c4\u5219\u6587\u4ef6<\/h2>\n
\u5982\u679c\u5b8c\u5168\u5173\u95ed\u89c4\u5219\uff0c\u5219\u6307\u5b9aSecRuleEngine\uff1b\u5982\u679c\u9010\u4e2a\u5173\u95ed\u89c4\u5219\uff0c\u5219\u6307\u5b9aSecRuleRemoveById\u3002\u53ef\u4ee5\u5728\u9664.htaccess\u4e4b\u5916\u7684\u4efb\u4f55\u4e0a\u4e0b\u6587\u4e2d\u8fdb\u884c\u8bf4\u660e\u3002\u5982\u679c\u8981\u5728\u9664\u865a\u62df\u4e3b\u673a\u4e4b\u5916\u7684\u4e0a\u4e0b\u6587\u4e2d\u8fdb\u884c\u8bf4\u660e\uff0c\u8bf7\u4f7f\u7528\u4e0b\u9762\u7684z_customrules.conf\u3002SecRuleRemoveById\u5fc5\u987b\u5728SecRule\u4e4b\u540e\u8fdb\u884c\u8bc4\u4f30\uff0c\u56e0\u6b64\u5728\u6b64\u6587\u4ef6\u4e2d\u8fdb\u884c\u8bf4\u660e\u662f\u5b89\u5168\u7684\u3002<\/p>\n
\u8bf7\u521b\u5efa\u4e00\u4e2a\u65b0\u6587\u4ef6\u5e76\u5199\u5165\u4e0b\u9762\u7684\u5185\u5bb9\uff0c\u7528\u4e8e\u81ea\u5b9a\u4e49\u539f\u5219\u548c\u8bbe\u7f6e\u3002
\n– \/etc\/httpd\/modsecurity.d\/activated_rules\/modsecurity_crs_15_customrules.conf
\n– \/etc\/httpd\/modsecurity.d\/activated_rules\/z_customrules.conf<\/p>\n
modsecurity_crs_15_customrules.conf \u5728\u5e38\u6570\u521d\u59cb\u5316\u4e4b\u540e\u548c\u89c4\u5219\u5b9a\u4e49\u4e4b\u524d\u88ab\u52a0\u8f7d\u3002\u9700\u8981\u5728SecRule\u4e4b\u524d\u7f16\u5199SecDefaultAction\u548c\u4f18\u5148\u4e8e\u9ed8\u8ba4\u89c4\u5219\u7684\u89c4\u5219\u7b49\u3002z_customrules.conf \u5728\u89c4\u5219\u5b9a\u4e49\u4e4b\u540e\u88ab\u52a0\u8f7d\u3002<\/p>\n
\u53ea\u9700\u68c0\u6d4b\u6a21\u5f0f<\/h2>\n
\u68c0\u6d4b\u4f46\u4e0d\u963b\u65ad\uff0c\u4ec5\u8bb0\u5f55\u65e5\u5fd7\u3002<\/p>\n
SecRuleEngine DetectionOnly\r\n<\/code><\/pre>\n\u5c06WAF\u529f\u80fd\u5b8c\u5168\u5173\u95ed\u3002<\/h2>\n
\u8981\u5b8c\u5168\u5173\u95ed\u529f\u80fd\uff0c\u8bf7\u6309\u7167\u4ee5\u4e0b\u65b9\u5f0f\u8fdb\u884c\u8bbe\u7f6e\u3002<\/p>\n
SecRuleEngine Off\r\n<\/code><\/pre>\n\u5728\u6307\u5b9a\u7684URL\u4e0a\u7981\u7528WAF\u529f\u80fd\u3002<\/h2>\n
\u5728\u7ba1\u7406\u754c\u9762\u4e0b\uff0c\u7981\u7528WAF\u7684\u8bbe\u7f6e\u5982\u4e0b\u6240\u793a\u3002<\/p>\n
<Directory \/var\/www\/html\/admin>\r\n SecRuleEngine Off\r\n<\/Directory>\r\n<\/code><\/pre>\n\u5982\u679cURL\u4e0d\u652f\u6301\u6587\u4ef6\uff0c\u90a3\u4e48\u5c06\u4f7f\u7528Location\u3002<\/p>\n
<Location \/admin>\r\n SecRuleEngine Off\r\n<\/Location>\r\n<\/code><\/pre>\n\u5982\u679c\u8981\u5355\u72ec\u7981\u7528\u89c4\u5219\uff0c\u8bf7\u4f7f\u7528SecRuleRemoveById\u6765\u63cf\u8ff0\u3002\u53ef\u4ee5\u4f7f\u7528\u7a7a\u683c\u5206\u9694\u7684\u53c2\u6570\u6765\u6307\u5b9a\u591a\u4e2a\u89c4\u5219ID\u3002\u53ef\u4ee5\u591a\u6b21\u4f7f\u7528SecRuleRemoveById\uff0c\u6ca1\u6709\u95ee\u9898\u3002<\/p>\n
<Directory \/var\/www\/html\/admin>\r\n SecRuleRemoveById 981317 950001 959073 981255 981245\r\n SecRuleRemoveById 950901 960024 981173 973300\r\n<\/Directory>\r\n<\/code><\/pre>\n\u5728\u865a\u62df\u4e3b\u673a\u7684\u60c5\u51b5\u4e0b\u7981\u7528WAF\u529f\u80fd\u3002<\/h2>\n
\u5728\u865a\u62df\u4e3b\u673a\u73af\u5883\u4e2d\uff0c\u63cf\u8ff0\u4e86\u5728\u7279\u5b9a\u7684URL\u4e0a\u7981\u7528WAF\u529f\u80fd\u7684\u8bbe\u7f6e\u3002<\/p>\n
<VirtualHost *:443>\r\n <IfModule mod_security2.c>\r\n SecRuleEngine Off\r\n <\/IfModule>\r\n<\/VirtualHost>\r\n<\/code><\/pre>\n\u5982\u679c\u5728mod_security.conf\u7684\u975e\u7ba1\u7406\u4e0a\u4e0b\u6587\u4e2d\u8fdb\u884c\u63cf\u8ff0\uff0c\u5219\u5e94\u6307\u5b9aIfModule\u4ee5\u786e\u4fdd\u6a21\u5757\u4e0a\u4f20\u4e0d\u4f1a\u5f15\u53d1\u9519\u8bef\u3002<\/p>\n
\u8c03\u6574\u5e16\u5b50\u5c3a\u5bf8<\/h1>\n
\u6839\u636ephp\u7684post_max_size\u548cupload_max_filesize\uff0c\u53ef\u80fd\u9700\u8981\u8c03\u6574WAF\u7684SecRequestBodyLimit\u548cSecRequestBodyNoFilesLimit\u3002<\/p>\n
\u53c2\u8003\u8d44\u6599<\/h1>\n
\u672c\u5730\u7ef4\u57fa\u767e\u79d1
\n\u672c\u5730\u53c2\u8003\u624b\u518cv2.x
\n\u672c\u5730\u65e5\u5fd7\u6570\u636e\u683c\u5f0f<\/p>\n","protected":false},"excerpt":{"rendered":"
\u5e0c\u671b\u9009\u62e9\u9002\u5408\u7684\u73af\u5883 CentOS 6 \u6216 7 # rpm -q mod_security mod_securi […]<\/p>\n","protected":false},"author":7,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-36838","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"yoast_head":"\n
\u5b89\u88c5 Apache WAF mod_security - Blog - Silicon Cloud<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.silicloud.com\/zh\/blog\/\u5b89\u88c5-apache-waf-mod_security\/\" \/>\n<meta property=\"og:locale\" content=\"zh_CN\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"\u5b89\u88c5 Apache WAF mod_security\" \/>\n<meta property=\"og:description\" content=\"\u5e0c\u671b\u9009\u62e9\u9002\u5408\u7684\u73af\u5883 CentOS 6 \u6216 7 # rpm -q mod_security mod_securi […]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.silicloud.com\/zh\/blog\/\u5b89\u88c5-apache-waf-mod_security\/\" \/>\n<meta property=\"og:site_name\" content=\"Blog - Silicon Cloud\" \/>\n<meta property=\"article:published_time\" content=\"2023-10-02T10:43:15+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-04-28T16:17:53+00:00\" \/>\n<meta name=\"author\" content=\"\u79d1, \u9896\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"\u4f5c\u8005\" \/>\n\t<meta name=\"twitter:data1\" content=\"\u79d1, \u9896\" \/>\n\t<meta name=\"twitter:label2\" content=\"\u9884\u8ba1\u9605\u8bfb\u65f6\u95f4\" \/>\n\t<meta name=\"twitter:data2\" content=\"8 \u5206\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/%e5%ae%89%e8%a3%85-apache-waf-mod_security\/\",\"url\":\"https:\/\/www.silicloud.com\/zh\/blog\/%e5%ae%89%e8%a3%85-apache-waf-mod_security\/\",\"name\":\"\u5b89\u88c5 Apache WAF mod_security - Blog - Silicon Cloud\",\"isPartOf\":{\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/#website\"},\"datePublished\":\"2023-10-02T10:43:15+00:00\",\"dateModified\":\"2024-04-28T16:17:53+00:00\",\"author\":{\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/#\/schema\/person\/8ca01ba7f7362ad4edb7da206a12f29e\"},\"breadcrumb\":{\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/%e5%ae%89%e8%a3%85-apache-waf-mod_security\/#breadcrumb\"},\"inLanguage\":\"zh-Hans\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.silicloud.com\/zh\/blog\/%e5%ae%89%e8%a3%85-apache-waf-mod_security\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/%e5%ae%89%e8%a3%85-apache-waf-mod_security\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"\u9996\u9875\",\"item\":\"https:\/\/www.silicloud.com\/zh\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"\u5b89\u88c5 Apache WAF mod_security\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/#website\",\"url\":\"https:\/\/www.silicloud.com\/zh\/blog\/\",\"name\":\"Blog - Silicon Cloud\",\"description\":\"\",\"inLanguage\":\"zh-Hans\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/#\/schema\/person\/8ca01ba7f7362ad4edb7da206a12f29e\",\"name\":\"\u79d1, \u9896\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"zh-Hans\",\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/8a6fb3cc7ba2f69d2189ba532aec4633ea7ed75ac0af162ec367cb3abc0fb2af?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/8a6fb3cc7ba2f69d2189ba532aec4633ea7ed75ac0af162ec367cb3abc0fb2af?s=96&d=mm&r=g\",\"caption\":\"\u79d1, \u9896\"},\"url\":\"https:\/\/www.silicloud.com\/zh\/blog\/author\/keying\/\"},{\"@type\":\"ImageObject\",\"inLanguage\":\"zh-Hans\",\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/%e5%ae%89%e8%a3%85-apache-waf-mod_security\/#local-main-organization-logo\",\"url\":\"\",\"contentUrl\":\"\",\"caption\":\"Blog - Silicon Cloud\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"\u5b89\u88c5 Apache WAF mod_security - Blog - Silicon Cloud","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.silicloud.com\/zh\/blog\/\u5b89\u88c5-apache-waf-mod_security\/","og_locale":"zh_CN","og_type":"article","og_title":"\u5b89\u88c5 Apache WAF mod_security","og_description":"\u5e0c\u671b\u9009\u62e9\u9002\u5408\u7684\u73af\u5883 CentOS 6 \u6216 7 # rpm -q mod_security mod_securi […]","og_url":"https:\/\/www.silicloud.com\/zh\/blog\/\u5b89\u88c5-apache-waf-mod_security\/","og_site_name":"Blog - Silicon Cloud","article_published_time":"2023-10-02T10:43:15+00:00","article_modified_time":"2024-04-28T16:17:53+00:00","author":"\u79d1, \u9896","twitter_card":"summary_large_image","twitter_misc":{"\u4f5c\u8005":"\u79d1, \u9896","\u9884\u8ba1\u9605\u8bfb\u65f6\u95f4":"8 \u5206"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.silicloud.com\/zh\/blog\/%e5%ae%89%e8%a3%85-apache-waf-mod_security\/","url":"https:\/\/www.silicloud.com\/zh\/blog\/%e5%ae%89%e8%a3%85-apache-waf-mod_security\/","name":"\u5b89\u88c5 Apache WAF mod_security - Blog - Silicon Cloud","isPartOf":{"@id":"https:\/\/www.silicloud.com\/zh\/blog\/#website"},"datePublished":"2023-10-02T10:43:15+00:00","dateModified":"2024-04-28T16:17:53+00:00","author":{"@id":"https:\/\/www.silicloud.com\/zh\/blog\/#\/schema\/person\/8ca01ba7f7362ad4edb7da206a12f29e"},"breadcrumb":{"@id":"https:\/\/www.silicloud.com\/zh\/blog\/%e5%ae%89%e8%a3%85-apache-waf-mod_security\/#breadcrumb"},"inLanguage":"zh-Hans","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.silicloud.com\/zh\/blog\/%e5%ae%89%e8%a3%85-apache-waf-mod_security\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.silicloud.com\/zh\/blog\/%e5%ae%89%e8%a3%85-apache-waf-mod_security\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"\u9996\u9875","item":"https:\/\/www.silicloud.com\/zh\/blog\/"},{"@type":"ListItem","position":2,"name":"\u5b89\u88c5 Apache WAF mod_security"}]},{"@type":"WebSite","@id":"https:\/\/www.silicloud.com\/zh\/blog\/#website","url":"https:\/\/www.silicloud.com\/zh\/blog\/","name":"Blog - Silicon Cloud","description":"","inLanguage":"zh-Hans"},{"@type":"Person","@id":"https:\/\/www.silicloud.com\/zh\/blog\/#\/schema\/person\/8ca01ba7f7362ad4edb7da206a12f29e","name":"\u79d1, \u9896","image":{"@type":"ImageObject","inLanguage":"zh-Hans","@id":"https:\/\/www.silicloud.com\/zh\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/8a6fb3cc7ba2f69d2189ba532aec4633ea7ed75ac0af162ec367cb3abc0fb2af?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/8a6fb3cc7ba2f69d2189ba532aec4633ea7ed75ac0af162ec367cb3abc0fb2af?s=96&d=mm&r=g","caption":"\u79d1, \u9896"},"url":"https:\/\/www.silicloud.com\/zh\/blog\/author\/keying\/"},{"@type":"ImageObject","inLanguage":"zh-Hans","@id":"https:\/\/www.silicloud.com\/zh\/blog\/%e5%ae%89%e8%a3%85-apache-waf-mod_security\/#local-main-organization-logo","url":"","contentUrl":"","caption":"Blog - Silicon Cloud"}]}},"_links":{"self":[{"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/posts\/36838","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/users\/7"}],"replies":[{"embeddable":true,"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/comments?post=36838"}],"version-history":[{"count":2,"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/posts\/36838\/revisions"}],"predecessor-version":[{"id":67731,"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/posts\/36838\/revisions\/67731"}],"wp:attachment":[{"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/media?parent=36838"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/categories?post=36838"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/tags?post=36838"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}