Problems with Mod_Security
Hello, good afternoon everyone. Sorry to bother you: I have a problem with the mod_security module. Even though I used my VPS provider's tutorial to configure it, it does not work for me. This is the tutorial: https://www.digitalocean.com/… and it has not worked for me… The log it gives me is this:
--4e1e5d67-A--
[09/Mar/2015:18:00:36 --0400] VP4YBH8AAQEAAEIZHLAAAAAD 108.162.215.51 26926 188.166.22.225 80
--4e1e5d67-B--
GET /wp-admin/load-styles.php?c=0&dir=ltr&load=dashicons,admin-bar,wp-admin,buttons,wp-auth-check&ver=4.1.1 HTTP/1.1
Host: www.sitio.com
Connection: Keep-Alive
Accept-Encoding: gzip
CF-IPCountry: MX
X-Forwarded-For: 187.156.132.131
CF-RAY: 1c4a0dbae4fb0d67-LAX
X-Forwarded-Proto: http
CF-Visitor: {"scheme":"http"}
Cache-Control: max-age=0
Authorization: Basic YWRtaW46MnNGZkNablJ3WQ==
Accept: text/css,*/*;q=0.1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.76 Safari/537.36
Referer: http://www.sitio.com/wp-admin/index.php
Accept-Language: es-419,es;q=0.8
Cookie: wordpress_8f5eef52e5077749114dfd84f4e32abf=comunicacion%7C1427147193%7C8e8hel7LeMmV5CiCMn8Rx174aT2TtOAM1Dd7fA6Dse2%7C3c0620c201d4b6cee6837098575d7a920a29d0d0af30e66cdd4b0bfa5aa2b01a; __cfduid=db0a91b5e49396bc380afbc800c3688041425937533; wordpress_test_cookie=WP+Cookie+check; wordpress_logged_in_8f5eef52e5077749114dfd84f4e32abf=comunicacion%7C1427147193%7C8e8hel7LeMmV5CiCMn8Rx174aT2TtOAM1Dd7fA6Dse2%7C7674eaa2048bad6f73aba5c354bc8ca97e8bf2787c3a55bba627db4ed51a0cca; wp-settings-1=mfold%3Do%26hidetb%3D1%26libraryContent%3Dbrowse; wp-settings-time-1=1425937594
CF-Connecting-IP: 187.156.132.131
True-Client-IP: 0
--4e1e5d67-F--
HTTP/1.1 403 Forbidden
Content-Length: 226
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
--4e1e5d67-E--
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>
<p>You don't have permission to access /wp-admin/load-styles.php
on this server.</p>
</body></html>
--4e1e5d67-H--
Message: Access denied with code 403 (phase 2). Pattern match "([\\~\\!\\@\\#\\$\\%\\^\\&\\*\\(\\)\\-\\+\\=\\{\\}\\[\\]\\|\\:\\;\"\\'\\\xc2\xb4\\\xe2\x80\x99\\\xe2\x80\x98\\`\\<\\>].*?){4,}" at ARGS:load. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: - found within ARGS:load: dashicons,admin-bar,wp-admin,buttons,wp-auth-check"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"]
Action: Intercepted (phase 2)
Apache-Handler: application/x-httpd-php
Stopwatch: 1425938436554838 4378 (- - -)
Stopwatch2: 1425938436554838 4378; combined=2917, p1=329, p2=2578, p3=0, p4=0, p5=9, sr=55, sw=1, l=0, gc=0
Response-Body-Transformed: Dechunked
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Server: Apache
Engine-Mode: "ENABLED"
--4e1e5d67-Z--
--4e1e5d67-A--
[09/Mar/2015:18:00:36 --0400] VP4YBH8AAQEAAEIa1jUAAAAE 108.162.215.51 63336 188.166.22.225 80
--4e1e5d67-B--
GET /wp-admin/load-scripts.php?c=0&load%5B%5D=hoverIntent,common,admin-bar,wp-ajax-response,jquery-color,wp-lists,quicktags,jquery-query,admin-comments,jquery-ui-core,jquery-&load%5B%5D=ui-widget,jquery-ui-mouse,jquery-ui-sortable,postbox,dashboard,underscore,customize-base,customize-loader,thickbox,plugin-instal&load%5B%5D=l,shortcode,media-upload,svg-painter,heartbeat,wp-auth-check,word-count,wplink&ver=4.1.1 HTTP/1.1
Host: www.sitio.com
Connection: Keep-Alive
Accept-Encoding: gzip
CF-IPCountry: MX
X-Forwarded-For: 187.156.132.131
CF-RAY: 1c4a0dbb79a7142b-LAX
X-Forwarded-Proto: http
CF-Visitor: {"scheme":"http"}
Cache-Control: max-age=0
Authorization: Basic YWRtaW46MnNGZkNablJ3WQ==
Accept: */*
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.76 Safari/537.36
Referer: http://www.sitio.com/wp-admin/index.php
Accept-Language: es-419,es;q=0.8
Cookie: wordpress_8f5eef52e5077749114dfd84f4e32abf=comunicacion%7C1427147193%7C8e8hel7LeMmV5CiCMn8Rx174aT2TtOAM1Dd7fA6Dse2%7C3c0620c201d4b6cee6837098575d7a920a29d0d0af30e66cdd4b0bfa5aa2b01a; __cfduid=db0a91b5e49396bc380afbc800c3688041425937533; wordpress_test_cookie=WP+Cookie+check; wordpress_logged_in_8f5eef52e5077749114dfd84f4e32abf=comunicacion%7C1427147193%7C8e8hel7LeMmV5CiCMn8Rx174aT2TtOAM1Dd7fA6Dse2%7C7674eaa2048bad6f73aba5c354bc8ca97e8bf2787c3a55bba627db4ed51a0cca; wp-settings-1=mfold%3Do%26hidetb%3D1%26libraryContent%3Dbrowse; wp-settings-time-1=1425937594
CF-Connecting-IP: 187.156.132.131
True-Client-IP: 0
--4e1e5d67-F--
HTTP/1.1 403 Forbidden
Content-Length: 227
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
--4e1e5d67-E--
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>
<p>You don't have permission to access /wp-admin/load-scripts.php
on this server.</p>
</body></html>
--4e1e5d67-H--
Message: Access denied with code 403 (phase 2). Pattern match "([\\~\\!\\@\\#\\$\\%\\^\\&\\*\\(\\)\\-\\+\\=\\{\\}\\[\\]\\|\\:\\;\"\\'\\\xc2\xb4\\\xe2\x80\x99\\\xe2\x80\x98\\`\\<\\>].*?){4,}" at ARGS:load[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: - found within ARGS:load[]: hoverIntent,common,admin-bar,wp-ajax-response,jquery-color,wp-lists,quicktags,jquery-query,admin-comments,jquery-ui-core,jquery-"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"]
Action: Intercepted (phase 2)
Apache-Handler: application/x-httpd-php
Stopwatch: 1425938436632363 5149 (- - -)
Stopwatch2: 1425938436632363 5149; combined=3858, p1=294, p2=3544, p3=0, p4=0, p5=19, sr=36, sw=1, l=0, gc=0
Response-Body-Transformed: Dechunked
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Server: Apache
Engine-Mode: "ENABLED"
--4e1e5d67-Z--
--1709dd03-A--
[09/Mar/2015:18:03:26 --0400] VP4Yrn8AAQEAAEI75uMAAAAK 108.162.215.51 64181 188.166.22.225 80
--1709dd03-B--
GET /wp-admin/load-styles.php?c=0&dir=ltr&load=dashicons,admin-bar,wp-admin,buttons,wp-auth-check&ver=4.1.1 HTTP/1.1
Host: www.sitio.com
Connection: Keep-Alive
Accept-Encoding: gzip
CF-IPCountry: MX
X-Forwarded-For: 187.156.132.131
CF-RAY: 1c4a11e011c90075-LAX
X-Forwarded-Proto: http
CF-Visitor: {"scheme":"http"}
Cache-Control: max-age=0
Authorization: Basic YWRtaW46MnNGZkNablJ3WQ==
Accept: text/css,*/*;q=0.1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.76 Safari/537.36
Referer: http://www.sitio.com/wp-admin/index.php
Accept-Language: es-419,es;q=0.8
Cookie: wordpress_8f5eef52e5077749114dfd84f4e32abf=comunicacion%7C1427147193%7C8e8hel7LeMmV5CiCMn8Rx174aT2TtOAM1Dd7fA6Dse2%7C3c0620c201d4b6cee6837098575d7a920a29d0d0af30e66cdd4b0bfa5aa2b01a; __cfduid=db0a91b5e49396bc380afbc800c3688041425937533; wordpress_test_cookie=WP+Cookie+check; wordpress_logged_in_8f5eef52e5077749114dfd84f4e32abf=comunicacion%7C1427147193%7C8e8hel7LeMmV5CiCMn8Rx174aT2TtOAM1Dd7fA6Dse2%7C7674eaa2048bad6f73aba5c354bc8ca97e8bf2787c3a55bba627db4ed51a0cca; wp-settings-1=mfold%3Do%26hidetb%3D1%26libraryContent%3Dbrowse; wp-settings-time-1=1425937594
CF-Connecting-IP: 187.156.132.131
True-Client-IP: 0
--1709dd03-F--
HTTP/1.1 403 Forbidden
Content-Length: 226
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
--1709dd03-E--
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>
<p>You don't have permission to access /wp-admin/load-styles.php
on this server.</p>
</body></html>
--1709dd03-H--
Message: Access denied with code 403 (phase 2). Pattern match "([\\~\\!\\@\\#\\$\\%\\^\\&\\*\\(\\)\\-\\+\\=\\{\\}\\[\\]\\|\\:\\;\"\\'\\\xc2\xb4\\\xe2\x80\x99\\\xe2\x80\x98\\`\\<\\>].*?){4,}" at ARGS:load. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: - found within ARGS:load: dashicons,admin-bar,wp-admin,buttons,wp-auth-check"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"]
Action: Intercepted (phase 2)
Apache-Handler: application/x-httpd-php
Stopwatch: 1425938606334255 4929 (- - -)
Stopwatch2: 1425938606334255 4929; combined=3322, p1=360, p2=2954, p3=0, p4=0, p5=7, sr=40, sw=1, l=0, gc=0
Response-Body-Transformed: Dechunked
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Server: Apache
Engine-Mode: "ENABLED"
--1709dd03-Z--
--1709dd03-A--
[09/Mar/2015:18:03:26 --0400] VP4Yrn8AAQEAAEI6YY8AAAAJ 108.162.215.51 18090 188.166.22.225 80
--1709dd03-B--
GET /wp-admin/load-scripts.php?c=0&load%5B%5D=hoverIntent,common,admin-bar,wp-ajax-response,jquery-color,wp-lists,quicktags,jquery-query,admin-comments,jquery-ui-core,jquery-&load%5B%5D=ui-widget,jquery-ui-mouse,jquery-ui-sortable,postbox,dashboard,underscore,customize-base,customize-loader,thickbox,plugin-instal&load%5B%5D=l,shortcode,media-upload,svg-painter,heartbeat,wp-auth-check,word-count,wplink&ver=4.1.1 HTTP/1.1
Host: www.sitio.com
Connection: Keep-Alive
Accept-Encoding: gzip
CF-IPCountry: MX
X-Forwarded-For: 187.156.132.131
CF-RAY: 1c4a11e09c0c07df-LAX
X-Forwarded-Proto: http
CF-Visitor: {"scheme":"http"}
Cache-Control: max-age=0
Authorization: Basic YWRtaW46MnNGZkNablJ3WQ==
Accept: */*
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.76 Safari/537.36
Referer: http://www.sitio.com/wp-admin/index.php
Accept-Language: es-419,es;q=0.8
Cookie: wordpress_8f5eef52e5077749114dfd84f4e32abf=comunicacion%7C1427147193%7C8e8hel7LeMmV5CiCMn8Rx174aT2TtOAM1Dd7fA6Dse2%7C3c0620c201d4b6cee6837098575d7a920a29d0d0af30e66cdd4b0bfa5aa2b01a; __cfduid=db0a91b5e49396bc380afbc800c3688041425937533; wordpress_test_cookie=WP+Cookie+check; wordpress_logged_in_8f5eef52e5077749114dfd84f4e32abf=comunicacion%7C1427147193%7C8e8hel7LeMmV5CiCMn8Rx174aT2TtOAM1Dd7fA6Dse2%7C7674eaa2048bad6f73aba5c354bc8ca97e8bf2787c3a55bba627db4ed51a0cca; wp-settings-1=mfold%3Do%26hidetb%3D1%26libraryContent%3Dbrowse; wp-settings-time-1=1425937594
CF-Connecting-IP: 187.156.132.131
True-Client-IP: 0
--1709dd03-F--
HTTP/1.1 403 Forbidden
Content-Length: 227
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
--1709dd03-E--
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>
<p>You don't have permission to access /wp-admin/load-scripts.php
on this server.</p>
</body></html>
--1709dd03-H--
Message: Access denied with code 403 (phase 2). Pattern match "([\\~\\!\\@\\#\\$\\%\\^\\&\\*\\(\\)\\-\\+\\=\\{\\}\\[\\]\\|\\:\\;\"\\'\\\xc2\xb4\\\xe2\x80\x99\\\xe2\x80\x98\\`\\<\\>].*?){4,}" at ARGS:load[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: - found within ARGS:load[]: hoverIntent,common,admin-bar,wp-ajax-response,jquery-color,wp-lists,quicktags,jquery-query,admin-comments,jquery-ui-core,jquery-"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"]
Action: Intercepted (phase 2)
Apache-Handler: application/x-httpd-php
Stopwatch: 1425938606419745 5363 (- - -)
Stopwatch2: 1425938606419745 5363; combined=3831, p1=394, p2=3425, p3=0, p4=0, p5=11, sr=71, sw=1, l=0, gc=0
Response-Body-Transformed: Dechunked
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Server: Apache
Engine-Mode: "ENABLED"
--1709dd03-Z--
How could I solve this? I have been trying for a week and cannot; after searching forums and websites I no longer knew what else to do other than ask the community for help. I hope you can help me. Regards.
- The topic 'Problems with Mod_Security' is closed to new replies.
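An added triage example, not part of the original post: it reads the rule id and matched variable from a section-H `Message:` line and re-applies the logged character class to the request's query string, showing that the `load` value trips rule 981173 only because it contains four hyphens. The function names `parse_message` and `explain` are hypothetical, and the sample strings are constructed from the values in the log above.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Character class transcribed from the pattern logged for rule 981173
# (the log prints it with ModSecurity's own escaping).
CLASS = r"[~!@#$%^&*()\-+={}\[\]|:;\"'\u00b4\u2019\u2018`<>]"
RESTRICTED = re.compile(CLASS)
RULE = re.compile("(?:" + CLASS + ".*?){4,}", re.S)  # same shape as the logged regex

# Pulls the matched variable and rule id out of a section-H "Message:" line.
MSG_RE = re.compile(r'\bat (?P<var>[A-Z_]+:[^\s.]+)\..*?\[id "(?P<id>\d+)"\]')

# Constructed samples: request line and abbreviated message taken from the post.
REQUEST = ("GET /wp-admin/load-styles.php?c=0&dir=ltr&load=dashicons,admin-bar,"
           "wp-admin,buttons,wp-auth-check&ver=4.1.1 HTTP/1.1")
MESSAGE = ('Message: Access denied with code 403 (phase 2). Pattern match '
           '"(...){4,}" at ARGS:load. [file "..."] [line "159"] [id "981173"]')


def parse_message(line):
    """Return (rule_id, variable) from a Message line, or None if it has neither."""
    m = MSG_RE.search(line)
    return (m.group("id"), m.group("var")) if m else None


def explain(request_line, variable):
    """For each value of the named argument: (value, restricted chars, rule matches)."""
    name = variable.split(":", 1)[1]  # "ARGS:load[]" -> "load[]"
    query = urlsplit(request_line.split()[1]).query
    return [(value, RESTRICTED.findall(value), bool(RULE.search(value)))
            for key, value in parse_qsl(query) if key == name]


if __name__ == "__main__":
    rule_id, var = parse_message(MESSAGE)
    for value, hits, blocked in explain(REQUEST, var):
        print(f"rule {rule_id} on {var}: {len(hits)} restricted chars "
              f"{hits} in {value!r} -> match={blocked}")
```

Commas are not in the restricted class; the hyphens in WordPress's own handle names (`admin-bar`, `wp-admin`, `wp-auth-check`) are what reach the `{4,}` threshold.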