【发布时间】:2015-03-22 12:56:30
【问题描述】:
我将 Apache 与 Apache Tomcat 链接起来,昨晚它运行良好,直到我今天再次尝试运行系统时,它给了我一个拒绝访问错误。我的 Apache 服务器中的 mod_security 配置了 OWasp 规则。这是错误日志:
ModSecurity: Access denied with code 403 (phase 1). Match of "within {tx.allowed_methods}" against "REQUEST_METHOD" required [file "C:/SourceCodes/Apache24/conf/owasp-modsecurity-crs-master/base_rules/modsecurity_crs_30_http_policy.conf"] [line "31"] [id "960032"] [rev "2"] [msg "Method is not allowed by policy"] [data "GET"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/METHOD_NOT_ALLOWED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "OWASP_AppSensor/RE1"] [tag "PCI/12.1"] [hostname "localhost"] [uri "/XSS_Attack_Test/"] [unique_id "VQ67McCoAWwAABg4SGoAAAA@"]
[Sun Mar 22 20:53:05.769945 2015] [:error] [pid 6200:tid 1084] [client ::1] ModSecurity: Access denied with code 403 (phase 1). Match of "within %{tx.allowed_methods}" against "REQUEST_METHOD" required. [file "C:/SourceCodes/Apache24/conf/owasp-modsecurity-crs-master/base_rules/modsecurity_crs_30_http_policy.conf"] [line "31"] [id "960032"] [rev "2"] [msg "Method is not allowed by policy"] [data "GET"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/METHOD_NOT_ALLOWED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "OWASP_AppSensor/RE1"] [tag "PCI/12.1"] [hostname "localhost"] [uri "/favicon.ico"] [unique_id "VQ67McCoAWwAABg4SGsAAAA@"]
【问题讨论】:
-
错误日志肯定没有在一行中包含此内容。请edit,以便我们更好地阅读。
-
日志的哪一部分你不明白?
-
很多。我是 Web 开发新手。
-
我的意思是日志的格式应该和你看到的完全一样。断开单个日志行几乎与将多个日志行连接在一起一样糟糕。
-
它在一个文本文件中。