
Issue with Mod Security, tab state not saved between page reload


17-07-2012, 09:06 AM
hosam
 

Issue Summary

This report might be useful for anyone using Mod Security throwing false positives at jquery ui tabs.

When trying out this module I ran into an issue where Overlay ceased working, and it turned out to be mod security eating the cookie, literally.

Searching up in google turned up this text:

When using the cookie functionality with tabs you run into a situation where you hit the second tab (id=1) and you get the cookie to store as ui-tabs-1=1

The 1=1 part of that query string causes mod security to incorrectly believe this is a SQL Injection Attack.

Mod Security is correctly set to detect the 1=1 because an injection code can use it to force a condition that is always true.

This particular issue is tied to the naming convention of jquery tabs, so it comes hard coded and thus the thing to do is to amend the modsec rule to create an exception.


The solution, in short: add

# Amended SQL injection rule with an exception for the ui-tabs-1 cookie
SecRule REQUEST_HEADERS|XML:/*|!REQUEST_HEADERS:Referer|!REQUEST_HEADERS:Cookie|REQUEST_COOKIES|REQUEST_COOKIES_NAMES|!REQUEST_COOKIES:/^ui-tabs-1$/ "\b(\d+) ?= ?\1\b|[\'\"](\w+)[\'\"] ?= ?[\'\"]\2\b" \
"phase:2,capture,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:replaceComments,t:compressWhiteSpace,t:lowercase,ctl:auditLogParts=+E,log,auditlog,msg:'SQL Injection Attack',id:'901',tag:'WEB_ATTACK/SQL_INJECTION',logdata:'%{TX.0}',severity:'2'"
# Remove rule 959901 by id
SecRuleRemoveById 959901
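
The following is an added example, not part of the original post: it runs the regular expression from the rule above over constructed Cookie headers to show which cookies trip it and what the ui-tabs-1 exception does and does not cover. The function names, the sample headers and the "test each name=value pair as one string" model are assumptions made for illustration.

```python
import re
from urllib.parse import unquote

# Operator regex copied from the rule above (numeric and quoted tautologies).
TAUTOLOGY = re.compile(r"\b(\d+) ?= ?\1\b|['\"](\w+)['\"] ?= ?['\"]\2\b")


def normalize(text):
    # Rough stand-ins for t:urlDecodeUni, t:compressWhiteSpace and t:lowercase.
    return re.sub(r"\s+", " ", unquote(text)).lower()


def flagged_cookies(cookie_header, exclude=None):
    """Return [(cookie name, matched text)] for pairs that trip the regex.

    Assumption: each "name=value" pair is tested as one string, which is how
    the post describes the match; ModSecurity's own collections differ.
    `exclude` is a regex on the cookie name, like !REQUEST_COOKIES:/.../.
    """
    hits = []
    for pair in cookie_header.split(";"):
        name, _, value = pair.strip().partition("=")
        if not name or (exclude and re.search(exclude, name)):
            continue
        match = TAUTOLOGY.search(normalize(f"{name}={value}"))
        if match:
            hits.append((name, match.group(0)))
    return hits


# Constructed sample Cookie headers (not taken from real traffic).
SAMPLES = [
    "PHPSESSID=abc123; ui-tabs-1=0",   # first tab selected: no match
    "PHPSESSID=abc123; ui-tabs-1=1",   # second tab selected: false positive
    "ui-tabs-2=2",                     # another tab set: not covered by the exception
    "ui-tabs-1=1; sort=name or 7=7",   # other cookies are still inspected
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(f"{header!r}")
        print("  without exception:", flagged_cookies(header))
        print("  with ^ui-tabs-1$ :", flagged_cookies(header, r"^ui-tabs-1$"))
```

The false positive depends on the selected tab index matching the number at the end of the cookie name, so an exception anchored to ui-tabs-1 leaves a cookie such as ui-tabs-2=2 flagged.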