1、当nginx代理出现403,且error.log出现如下拦截
2023/02/07 15:54:08 [error] 3138#0: *210956 [client 119.147.10.185] ModSecurity: Access denied with code 403 (phase 2). Matched "Operator `Ge' with parameter `5' against variable `TX:ANOMALY_SCORE' (Value: `15' ) [file "/root/nginx/conf/owasp-modsecurity-crs-3.2.0/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "79"] [id "949110"] [rev ""] [msg "Inbound Anomaly Score Exceeded (Total Score: 15)"] [data ""] [severity "2"] [ver ""] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "172.17.0.3"] [uri "/wp-admin/post.php"] [unique_id "167575644832.378402"] [ref ""], client: 119.147.10.185, server: blog.moyiaomiao.com, request: "POST /wp-admin/post.php HTTP/2.0", host: "blog.moyiaomiao.com", referrer: "https://blog.moyiaomiao.com/wp-admin/post.php?post=119&action=edit"
2、配置modsecurity.conf 将/wp-admin 在该条规则下放通
SecRule REQUEST_FILENAME "@beginsWith /wp-admin" "phase:2,log,pass,id:10001,ctl:ruleRemoveById=949110"
参考:
https://www.bbsmax.com/A/QV5ZZV1y5y/
https://blog.csdn.net/qq_42890862/article/details/124451964
