ModSecurity: Warning. Operator GE matched 4 at TX:outbound_anomaly_score. [file "/opt/apache/conf/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "102"] [id "980140"] [msg "Outbound Anomaly Score Exceeded (score 4): individual paranoia level scores: 4, 0, 0, 0"] [ver "OWASP_CRS/3.2.0"] [tag "event-correlation"] [hostname "www.mangoi.co.kr"] [uri "/lms/class_order_list.php"] [unique_id "YOP5dK0sw8F5Z9UiuqLccQAAABA"], referer: http://www.mangoi.co.kr/lms/index.php
ㄴ 위와 같으면
/opt/apache/conf/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf 접속하여
line 102 가보면
ver:'OWASP_CRS/3.2.0'" 해당 부분이며
해당 내용에 관련된 룰 전부 주석처리 하면된다.
93 #SecRule TX:OUTBOUND_ANOMALY_SCORE "@ge %{tx.outbound_anomaly_score_threshold}" \
94 # "id:980140,\
95 # phase:5,\
96 # pass,\
97 # t:none,\
98 # log,\
99 # noauditlog,\
100 # msg:'Outbound Anomaly Score Exceeded (score %{TX.OUTBOUND_ANOMALY_SCORE}): individual paranoia level scores: %{TX.OUTBOUND_ANOMALY_SCORE_PL1}, %{TX.
OUTBOUND_ANOMALY_SCORE_PL2}, %{TX.OUTBOUND_ANOMALY_SCORE_PL3}, %{TX.OUTBOUND_ANOMALY_SCORE_PL4}',\
101 # tag:'event-correlation',\
102 # ver:'OWASP_CRS/3.2.0'"
'Security > OS 관련' 카테고리의 다른 글
| QOS (트래픽 제한 두번째 방법) (0) | 2023.11.07 |
|---|---|
| 트래픽 용량 제한(QOS) (0) | 2023.11.07 |
| apache 2.4 mod 시큐리티 (0) | 2023.11.07 |
| mod_security 적용 방법 (0) | 2023.11.07 |
| OS 변조파일 검사 (rkhunter) (0) | 2023.11.07 |