
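I can't read regular expressions to save my life.
Does anyone have time to help me figure out why my host's last update suddenly started triggering mod_security?

I'm getting this mod_security error: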

Message: Access denied with code 406 (phase 2). Pattern match "\b(\d+) ?= ?\1\b|[\'"](\w+)[\'"] ?= ?[\'"]\2\b" at REQUEST_HEADERS:Cookie. [file "/usr/local/apache/conf/modsec2.user.conf"] [line "94"] [id "959901"] [msg "SQL Injection Attack"] [data "1=1"] [severity "CRITICAL"] [tag "WEB_ATTACK/SQL_INJECTION"]

Here is one of the cookies from a logged request that generated this error:

Cookie: pmr=9d800ab159baf3962d1c777225b4b632; pmr_referrer=http%3A%2F%2Frateyourmusic.com%2Fadmin%2Fcoraq%2F%3F1%3D1%26status%3Dw%26show%3D10%26start%3D7020; __utma=229707933.920390620.1326769663.1326769663.1326769663.1; __utmb=229707933.1.10.1326769663; __utmc=229707933; __utmz=229707933.1326769663.1.1.utmcsr=rateyourmusic.com|utmccn=(referral)|utmcmd=referral|utmcct=/admin/corq/

Is it being triggered because "admin" is in the cookie???

Here's another one...

Cookie: ui-tabs-1=1; superBAGUS=af14474b9bcc7ec3ae436e58ba172520; superBAGUS_referrer=...; superBAGUS_admin=2%3A747167a9cd89703dbfafe3c7a5c523b4; acco=acco_1; superBAGUS_adviews=.2576.2580.; __utma=10910262.1479346800.1326871079.1326871079.1326873539.2; __utmb=10910262.10.8.1326873800604; __utmc=10910262; __utmz=10910262.1326871079.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Is it being triggered because "ui-tabs-1=1" looks like a 1=1 injection???

What exactly is this pattern matching?


1 Answer


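The regex doesn't match the first pattern, so I don't know what might have gone wrong there.

But it does match the 1=1 part of the second pattern, so your assumption is correct.

Explanation of the regex: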

\b             # Assert position at the start of an alphanumeric "word"
(\d+)          # Match a number
 ?= ?          # Match =, optionally surrounded by spaces
\1             # Match the same number as before
\b             # Assert position at the end of an alphanumeric "word"
|              #  or
['"](\w+)['"]  # Match a quoted "word"
 ?= ?          # Match =, optionally surrounded by spaces
['"]\2\b       # Match a quote and the same word as before.
answered 2012-01-18T16:40:14.980
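
To triage a false positive like this one, the following added example (not part of the original question or answer) runs the logged pattern over each cookie pair from the two headers above, first as sent and then percent-decoded. The helper name `find_triggers` is hypothetical, and decoding before matching is an assumption, since the rule's transformations are not shown on the page.

```python
import re
from urllib.parse import unquote

# Pattern copied from the mod_security log message above (rule id 959901).
RULE = re.compile(r"""\b(\d+) ?= ?\1\b|['"](\w+)['"] ?= ?['"]\2\b""")

# Cookie headers copied from the question (the "..." is elided in the original).
COOKIE_1 = (
    "pmr=9d800ab159baf3962d1c777225b4b632; "
    "pmr_referrer=http%3A%2F%2Frateyourmusic.com%2Fadmin%2Fcoraq%2F"
    "%3F1%3D1%26status%3Dw%26show%3D10%26start%3D7020; "
    "__utma=229707933.920390620.1326769663.1326769663.1326769663.1; "
    "__utmb=229707933.1.10.1326769663; __utmc=229707933; "
    "__utmz=229707933.1326769663.1.1.utmcsr=rateyourmusic.com"
    "|utmccn=(referral)|utmcmd=referral|utmcct=/admin/corq/"
)
COOKIE_2 = (
    "ui-tabs-1=1; superBAGUS=af14474b9bcc7ec3ae436e58ba172520; "
    "superBAGUS_referrer=...; "
    "superBAGUS_admin=2%3A747167a9cd89703dbfafe3c7a5c523b4; acco=acco_1; "
    "superBAGUS_adviews=.2576.2580.; "
    "__utma=10910262.1479346800.1326871079.1326871079.1326873539.2; "
    "__utmb=10910262.10.8.1326873800604; __utmc=10910262; "
    "__utmz=10910262.1326871079.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)"
)


def find_triggers(cookie_header):
    """Return (cookie_name, matched_text, form) for every pair matching RULE.

    form is "raw" if the pair matches as sent, or "url-decoded" if it matches
    only after percent-decoding (assumed transformation, see lead-in).
    """
    hits = []
    for pair in cookie_header.split(";"):
        pair = pair.strip()
        for form, text in (("raw", pair), ("url-decoded", unquote(pair))):
            m = RULE.search(text)
            if m:
                hits.append((pair.split("=", 1)[0], m.group(0), form))
                break  # report each pair once, preferring the raw match
    return hits


if __name__ == "__main__":
    for label, header in (("cookie 1", COOKIE_1), ("cookie 2", COOKIE_2)):
        print(label, find_triggers(header))
```

In the second header the match straddles the cookie name and its value, because the rule is evaluated against the whole Cookie header string rather than against individual cookie values.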