العودة   منتدى نيو حب > منتديات الحاسب والاتصالات > تطوير المواقع > منتدى السيرفرات

Issue with Mod Security, tab state not saved between page reload

منتدى السيرفرات


17-07-2012, 09:06 AM
admin
 
Issue with Mod Security, tab state not saved between page reload

Issue Summary

This report might be useful for anyone using Mod Security throwing false positives at jquery ui tabs.

When trying out this module i ran into an issue where Overlay ceased working, and turned up to be mod security eating the , literally.

Searching up in google turned up this text:

When using the functionality with tabs you run into a situation where you hit the second tab (id=1) and you get the to store as ui-tabs-1=1

The 1=1 part of that query string causes mod security to incorrectly believe this is a SQL Injection Attack.

Mod Security is correctly set to detect the 1=1 because an injection code can use it to force a condition that is always true.

This particular issue is tied to the naming convention of jquery tabs, so it comes hard coded and thus the thing to do is to amend the modsec rule to create an exception.


الحل باختصار اضف
كود PHP:
SecRule REQUEST_HEADERS|XML:/ |!REQUEST_HEADERS:Referer|!REQUEST_HEADERS:      |REQUEST_       |REQUEST_       _NAMES|!REQUEST_       :/^ui-tabs-1$/ "\b(\d+) ?= ?\1\b|[\'\"](\w+)[\'\"] ?= ?[\'\"]\2\b" \
"phase:2,capture,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:replaceComments,t:compressWhiteSpace,t:lowercase,ctl:auditLogParts=+E,log,auditlog,msg:'SQL Injection Attack',id:'901',tag:'WEB_ATTACK/SQL_INJECTION',logdata:'%{TX.0}',severity:'2'"
SecRuleRemoveById 959901 
من مواضيع : admin تثبت HHVM على نظام أوبنتو 14.04 (linux)
CentOS packages don't update from node v5.12.0 to 8
suspend all site ايقاف جميع المواقع على السيرفر
لمعرفة اخطاء داخل الاباتشى httpd.conf
تراخيص سي بنل شهرى Cpanel License
 

الكلمات الدلالية (Tags)
issue, mod, page, reload, saved, security, state, tab

أدوات الموضوع

الانتقال السريع

Issue with Mod Security, tab state not saved between page reload

الساعة الآن 12:57 PM