Error setting up ModSecurity


#1

Hello dear forum,

I have the following problem and need support with setting up ModSecurity with an Apache web server.
The following error is displayed:

Error: Your web server is not yet sufficiently configured for file synchronization, because the WebDAV interface is probably broken.

Expected behavior
I have whitelisted the IDs in the ModSecurity conf. I found these in the log. I would actually have expected that ownCloud would no longer have any problems.

Current behavior
However, the error persists and the whitelisted IDs continue to show up in the log.

Server configuration
Operating system: Debian 8 Jessie
Web server type: Apache
Database type: MySQL
PHP version: 5.5.4
ownCloud version: 9.1.2, freshly installed
Special configurations: external hard drive, ModSecurity, modEvasive

ownCloud log (export from web interface)

{"reqId":"WGWAM8CosjIAAF0HC8cAAAAD","remoteAddr":"#","app":"PHP","message":"is_writeable(): open_basedir restriction in effect. File(\/tmp) is not within the allowed path(s): (\/var\/www\/html\/owncloud:\/media\/sda1\/owncloud:\/dev\/urandom) at \/var\/www\/html\/owncloud\/lib\/private\/TempManager.php#258","level":3,"time":"2016-12-29T21:29:24+00:00","method":"GET","url":"\/index.php\/settings\/ajax\/checksetup","user":"19Admin07-Owncloud"}
{"reqId":"WGWAM8CosjIAAF0HC8cAAAAD","remoteAddr":"#","app":"no app in context","message":"Temporary directory \/tmp is not present or writable","level":2,"time":"2016-12-29T21:29:24+00:00","method":"GET","url":"\/index.php\/settings\/ajax\/checksetup","user":"19Admin07-Owncloud"}
{"reqId":"WGWAUcCosjIAAFzcBCUAAAAJ","remoteAddr":"#","app":"PHP","message":"is_writeable(): open_basedir restriction in effect. File(\/srv\/www\/owncloud\/temp) is not within the allowed path(s): (\/var\/www\/html\/owncloud:\/media\/sda1\/owncloud:\/dev\/urandom) at \/var\/www\/html\/owncloud\/lib\/private\/TempManager.php#258","level":3,"time":"2016-12-29T21:29:53+00:00","method":"GET","url":"\/ocs\/v2.php\/apps\/notifications\/api\/v1\/notifications?format=json","user":"19Admin07-Owncloud"}
{"reqId":"WGWAUcCosjIAAFzcBCUAAAAJ","remoteAddr":"#","app":"no app in context","message":"Temporary directory \/srv\/www\/owncloud\/temp is not present or writable","level":2,"time":"2016-12-29T21:29:53+00:00","method":"GET","url":"\/ocs\/v2.php\/apps\/notifications\/api\/v1\/notifications?format=json","user":"19Admin07-Owncloud"}
{"reqId":"WGWAUcCosjIAAFzcBCUAAAAJ","remoteAddr":"#","app":"PHP","message":"is_writeable(): open_basedir restriction in effect. File(\/tmp) is not within the allowed path(s): (\/var\/www\/html\/owncloud:\/media\/sda1\/owncloud:\/dev\/urandom) at \/var\/www\/html\/owncloud\/lib\/private\/TempManager.php#258","level":3,"time":"2016-12-29T21:29:53+00:00","method":"GET","url":"\/ocs\/v2.php\/apps\/notifications\/api\/v1\/notifications?format=json","user":"19Admin07-Owncloud"}
{"reqId":"WGWAUcCosjIAAFzcBCUAAAAJ","remoteAddr":"#","app":"no app in context","message":"Temporary directory \/tmp is not present or writable","level":2,"time":"2016-12-29T21:29:53+00:00","method":"GET","url":"\/ocs\/v2.php\/apps\/notifications\/api\/v1\/notifications?format=json","user":"19Admin07-Owncloud"}
{"reqId":"WGWAb8CosjIAAE0uOfsAAAAF","remoteAddr":"#","app":"PHP","message":"is_writeable(): open_basedir restriction in effect. File(\/srv\/www\/owncloud\/temp) is not within the allowed path(s): (\/var\/www\/html\/owncloud:\/media\/sda1\/owncloud:\/dev\/urandom) at \/var\/www\/html\/owncloud\/lib\/private\/TempManager.php#258","level":3,"time":"2016-12-29T21:30:23+00:00","method":"GET","url":"\/ocs\/v2.php\/apps\/notifications\/api\/v1\/notifications?format=json","user":"19Admin07-Owncloud"}
{"reqId":"WGWAb8CosjIAAE0uOfsAAAAF","remoteAddr":"#","app":"no app in context","message":"Temporary directory \/srv\/www\/owncloud\/temp is not present or writable","level":2,"time":"2016-12-29T21:30:23+00:00","method":"GET","url":"\/ocs\/v2.php\/apps\/notifications\/api\/v1\/notifications?format=json","user":"19Admin07-Owncloud"}
{"reqId":"WGWAb8CosjIAAE0uOfsAAAAF","remoteAddr":"#","app":"PHP","message":"is_writeable(): open_basedir restriction in effect. File(\/tmp) is not within the allowed path(s): (\/var\/www\/html\/owncloud:\/media\/sda1\/owncloud:\/dev\/urandom) at \/var\/www\/html\/owncloud\/lib\/private\/TempManager.php#258","level":3,"time":"2016-12-29T21:30:23+00:00","method":"GET","url":"\/ocs\/v2.php\/apps\/notifications\/api\/v1\/notifications?format=json","user":"19Admin07-Owncloud"}
{"reqId":"WGWAb8CosjIAAE0uOfsAAAAF","remoteAddr":"#","app":"no app in context","message":"Temporary directory \/tmp is not present or writable","level":2,"time":"2016-12-29T21:30:23+00:00","method":"GET","url":"\/ocs\/v2.php\/apps\/notifications\/api\/v1\/notifications?format=json","user":"19Admin07-Owncloud"}
{"reqId":"WGWAcsCosjIAAE0uOfwAAAAF","remoteAddr":"#","app":"PHP","message":"is_writeable(): open_basedir restriction in effect. File(\/srv\/www\/owncloud\/temp) is not within the allowed path(s): (\/var\/www\/html\/owncloud:\/media\/sda1\/owncloud:\/dev\/urandom) at \/var\/www\/html\/owncloud\/lib\/private\/TempManager.php#258","level":3,"time":"2016-12-29T21:30:26+00:00","method":"GET","url":"\/index.php\/settings\/admin\/log\/entries?offset=3&count=10","user":"19Admin07-Owncloud"}
{"reqId":"WGWAcsCosjIAAE0uOfwAAAAF","remoteAddr":"#","app":"no app in context","message":"Temporary directory \/srv\/www\/owncloud\/temp is not present or writable","level":2,"time":"2016-12-29T21:30:26+00:00","method":"GET","url":"\/index.php\/settings\/admin\/log\/entries?offset=3&count=10","user":"19Admin07-Owncloud"}
{"reqId":"WGWAcsCosjIAAE0uOfwAAAAF","remoteAddr":"#","app":"PHP","message":"is_writeable(): open_basedir restriction in effect. File(\/tmp) is not within the allowed path(s): (\/var\/www\/html\/owncloud:\/media\/sda1\/owncloud:\/dev\/urandom) at \/var\/www\/html\/owncloud\/lib\/private\/TempManager.php#258","level":3,"time":"2016-12-29T21:30:26+00:00","method":"GET","url":"\/index.php\/settings\/admin\/log\/entries?offset=3&count=10","user":"19Admin07-Owncloud"}
{"reqId":"WGWAcsCosjIAAE0uOfwAAAAF","remoteAddr":"#","app":"no app in context","message":"Temporary directory \/tmp is not present or writable","level":2,"time":"2016-12-29T21:30:26+00:00","method":"GET","url":"\/index.php\/settings\/admin\/log\/entries?offset=3&count=10","user":"19Admin07-Owncloud"}
{"reqId":"WGWAh8CosjIAAFDnWaYAAAAH","remoteAddr":"#","app":"PHP","message":"is_writeable(): open_basedir restriction in effect. File(\/srv\/www\/owncloud\/temp) is not within the allowed path(s): (\/var\/www\/html\/owncloud:\/media\/sda1\/owncloud:\/dev\/urandom) at \/var\/www\/html\/owncloud\/lib\/private\/TempManager.php#258","level":3,"time":"2016-12-29T21:30:47+00:00","method":"GET","url":"\/index.php\/settings\/admin\/log\/download","user":"19Admin07-Owncloud"}
{"reqId":"WGWAh8CosjIAAFDnWaYAAAAH","remoteAddr":"#","app":"no app in context","message":"Temporary directory \/srv\/www\/owncloud\/temp is not present or writable","level":2,"time":"2016-12-29T21:30:47+00:00","method":"GET","url":"\/index.php\/settings\/admin\/log\/download","user":"19Admin07-Owncloud"}
{"reqId":"WGWAh8CosjIAAFDnWaYAAAAH","remoteAddr":"#","app":"PHP","message":"is_writeable(): open_basedir restriction in effect. File(\/tmp) is not within the allowed path(s): (\/var\/www\/html\/owncloud:\/media\/sda1\/owncloud:\/dev\/urandom) at \/var\/www\/html\/owncloud\/lib\/private\/TempManager.php#258","level":3,"time":"2016-12-29T21:30:47+00:00","method":"GET","url":"\/index.php\/settings\/admin\/log\/download","user":"19Admin07-Owncloud"}
{"reqId":"WGWAh8CosjIAAFDnWaYAAAAH","remoteAddr":"#","app":"no app in context","message":"Temporary directory \/tmp is not present or writable","level":2,"time":"2016-12-29T21:30:47+00:00","method":"GET","url":"\/index.php\/settings\/admin\/log\/download","user":"19Admin07-Owncloud"}

Apache Log

[Thu Dec 29 22:40:48.421744 2016] [:error] [pid 23816] [#] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_HEADERS. [file "/usr/share/modsecurity-crs/base_rules/modsecurity_crs_21_protocol_anomalies.conf"] [line "47"] [id "960015"] [rev "1"] [msg "Request Missing an Accept Header"] [severity "NOTICE"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/MISSING_HEADER_ACCEPT"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "example"] [uri "/status.php"] [unique_id "WGWC4MCosjIAAF0IQX8AAAAG"]
92.75.219.37 - - [29/Dec/2016:22:40:48 +0100] "GET /status.php HTTP/1.1" 403 3748 "-" "Mozilla/5.0 (Windows) mirall/2.2.4 (build 6408)"
[Thu Dec 29 22:40:53.210700 2016] [:error] [pid 19755] [client #] ModSecurity: Rule b5386a80 [id "981172"][file "/usr/share/modsecurity-crs/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "example"] [uri "/ocs/v2.php/apps/notifications/api/v1/notifications"] [unique_id "WGWC5cCosjIAAE0r3XsAAAAC"]
# - - [29/Dec/2016:22:40:53 +0100] "GET /ocs/v2.php/apps/notifications/api/v1/notifications?format=json HTTP/1.1" 200 1085 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:50.0) Gecko/20100101 Firefox/50.0"
[Thu Dec 29 22:41:20.468130 2016] [:error] [pid 23773] [#] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_HEADERS. [file "/usr/share/modsecurity-crs/base_rules/modsecurity_crs_21_protocol_anomalies.conf"] [line "47"] [id "960015"] [rev "1"] [msg "Request Missing an Accept Header"] [severity "NOTICE"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/MISSING_HEADER_ACCEPT"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "example"] [uri "/status.php"] [unique_id "WGWDAMCosjIAAFzdd14AAAAK"]
92.75.219.37 - - [29/Dec/2016:22:41:20 +0100] "GET /status.php HTTP/1.1" 403 3748 "-" "Mozilla/5.0 (Windows) mirall/2.2.4 (build 6408)"
[Thu Dec 29 22:41:23.226420 2016] [:error] [pid 23776] [client #] ModSecurity: Rule b5386a80 [id "981172"][file "/usr/share/modsecurity-crs/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "example"] [uri "/ocs/v2.php/apps/notifications/api/v1/notifications"] [unique_id "WGWDA8CosjIAAFzg2ZIAAAAA"]
# - - [29/Dec/2016:22:41:23 +0100] "GET /ocs/v2.php/apps/notifications/api/v1/notifications?format=json HTTP/1.1" 200 1085 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:50.0) Gecko/20100101 Firefox/50.0"
[Thu Dec 29 22:41:52.422418 2016] [:error] [pid 23779] [#] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_HEADERS. [file "/usr/share/modsecurity-crs/base_rules/modsecurity_crs_21_protocol_anomalies.conf"] [line "47"] [id "960015"] [rev "1"] [msg "Request Missing an Accept Header"] [severity "NOTICE"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/MISSING_HEADER_ACCEPT"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "example"] [uri "/status.php"] [unique_id "WGWDIMCosjIAAFzjTIgAAAAL"]
92.75.219.37 - - [29/Dec/2016:22:41:52 +0100] "GET /status.php HTTP/1.1" 403 3748 "-" "Mozilla/5.0 (Windows) mirall/2.2.4 (build 6408)"
[Thu Dec 29 22:41:53.232830 2016] [:error] [pid 23815] [client #] ModSecurity: Rule b5386a80 [id "981172"][file "/usr/share/modsecurity-crs/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "example"] [uri "/ocs/v2.php/apps/notifications/api/v1/notifications"] [unique_id "WGWDIcCosjIAAF0HC8wAAAAD"]
# - - [29/Dec/2016:22:41:53 +0100] "GET /ocs/v2.php/apps/notifications/api/v1/notifications?format=json HTTP/1.1" 200 1085 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:50.0) Gecko/20100101 Firefox/50.0"
[Thu Dec 29 22:42:23.225772 2016] [:error] [pid 20711] [client #] ModSecurity: Rule b5386a80 [id "981172"][file "/usr/share/modsecurity-crs/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "example"] [uri "/ocs/v2.php/apps/notifications/api/v1/notifications"] [unique_id "WGWDP8CosjIAAFDnWawAAAAH"]
# - - [29/Dec/2016:22:42:23 +0100] "GET /ocs/v2.php/apps/notifications/api/v1/notifications?format=json HTTP/1.1" 200 1085 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:50.0) Gecko/20100101 Firefox/50.0"
[Thu Dec 29 22:42:24.575191 2016] [:error] [pid 23776] [#] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_HEADERS. [file "/usr/share/modsecurity-crs/base_rules/modsecurity_crs_21_protocol_anomalies.conf"] [line "47"] [id "960015"] [rev "1"] [msg "Request Missing an Accept Header"] [severity "NOTICE"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/MISSING_HEADER_ACCEPT"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "example"] [uri "/status.php"] [unique_id "WGWDQMCosjIAAFzg2ZMAAAAA"]
92.75.219.37 - - [29/Dec/2016:22:42:24 +0100] "GET /status.php HTTP/1.1" 403 3748 "-" "Mozilla/5.0 (Windows) mirall/2.2.4 (build 6408)"
[Thu Dec 29 22:42:53.241256 2016] [:error] [pid 19758] [client #] ModSecurity: Rule b5386a80 [id "981172"][file "/usr/share/modsecurity-crs/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "example"] [uri "/ocs/v2.php/apps/notifications/api/v1/notifications"] [unique_id "WGWDXcCosjIAAE0uOgEAAAAF"]
# - - [29/Dec/2016:22:42:53 +0100] "GET /ocs/v2.php/apps/notifications/api/v1/notifications?format=json HTTP/1.1" 200 1085 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:50.0) Gecko/20100101 Firefox/50.0"
[Thu Dec 29 22:42:56.491143 2016] [:error] [pid 23815] [#] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_HEADERS. [file "/usr/share/modsecurity-crs/base_rules/modsecurity_crs_21_protocol_anomalies.conf"] [line "47"] [id "960015"] [rev "1"] [msg "Request Missing an Accept Header"] [severity "NOTICE"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/MISSING_HEADER_ACCEPT"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "example"] [uri "/status.php"] [unique_id "WGWDYMCosjIAAF0HC80AAAAD"]
92.75.219.37 - - [29/Dec/2016:22:42:56 +0100] "GET /status.php HTTP/1.1" 403 3748 "-" "Mozilla/5.0 (Windows) mirall/2.2.4 (build 6408)"
[Thu Dec 29 22:43:23.333678 2016] [:error] [pid 23772] [client #] ModSecurity: Rule b5386a80 [id "981172"][file "/usr/share/modsecurity-crs/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "example"] [uri "/ocs/v2.php/apps/notifications/api/v1/notifications"] [unique_id "WGWDe8CosjIAAFzcBCoAAAAJ"]
# - - [29/Dec/2016:22:43:23 +0100] "GET /ocs/v2.php/apps/notifications/api/v1/notifications?format=json HTTP/1.1" 200 4157 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:50.0) Gecko/20100101 Firefox/50.0"
[Thu Dec 29 22:43:28.481030 2016] [:error] [pid 23816] [#] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_HEADERS. [file "/usr/share/modsecurity-crs/base_rules/modsecurity_crs_21_protocol_anomalies.conf"] [line "47"] [id "960015"] [rev "1"] [msg "Request Missing an Accept Header"] [severity "NOTICE"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/MISSING_HEADER_ACCEPT"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "example"] [uri "/status.php"] [unique_id "WGWDgMCosjIAAF0IQYAAAAAG"]
92.75.219.37 - - [29/Dec/2016:22:43:28 +0100] "GET /status.php HTTP/1.1" 403 3748 "-" "Mozilla/5.0 (Windows) mirall/2.2.4 (build 6408)"
[Thu Dec 29 22:43:53.281181 2016] [:error] [pid 23773] [client #] ModSecurity: Rule b5386a80 [id "981172"][file "/usr/share/modsecurity-crs/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "example"] [uri "/ocs/v2.php/apps/notifications/api/v1/notifications"] [unique_id "WGWDmcCosjIAAFzdd18AAAAK"]
# - - [29/Dec/2016:22:43:53 +0100] "GET /ocs/v2.php/apps/notifications/api/v1/notifications?format=json HTTP/1.1" 200 1085 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:50.0) Gecko/20100101 Firefox/50.0"
[Thu Dec 29 22:44:00.484303 2016] [:error] [pid 20711] [#] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_HEADERS. [file "/usr/share/modsecurity-crs/base_rules/modsecurity_crs_21_protocol_anomalies.conf"] [line "47"] [id "960015"] [rev "1"] [msg "Request Missing an Accept Header"] [severity "NOTICE"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/MISSING_HEADER_ACCEPT"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "example"] [uri "/status.php"] [unique_id "WGWDoMCosjIAAFDnWa0AAAAH"]
92.75.219.37 - - [29/Dec/2016:22:44:00 +0100] "GET /status.php HTTP/1.1" 403 3748 "-" "Mozilla/5.0 (Windows) mirall/2.2.4 (build 6408)"
[Thu Dec 29 22:44:23.235862 2016] [:error] [pid 19755] [client #] ModSecurity: Rule b5386a80 [id "981172"][file "/usr/share/modsecurity-crs/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "example"] [uri "/ocs/v2.php/apps/notifications/api/v1/notifications"] [unique_id "WGWDt8CosjIAAE0r3XwAAAAC"]
# - - [29/Dec/2016:22:44:23 +0100] "GET /ocs/v2.php/apps/notifications/api/v1/notifications?format=json HTTP/1.1" 200 1085 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:50.0) Gecko/20100101 Firefox/50.0"
[Thu Dec 29 22:44:32.538823 2016] [:error] [pid 23779] [#] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_HEADERS. [file "/usr/share/modsecurity-crs/base_rules/modsecurity_crs_21_protocol_anomalies.conf"] [line "47"] [id "960015"] [rev "1"] [msg "Request Missing an Accept Header"] [severity "NOTICE"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/MISSING_HEADER_ACCEPT"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "example"] [uri "/status.php"] [unique_id "WGWDwMCosjIAAFzjTIkAAAAL"]
92.75.219.37 - - [29/Dec/2016:22:44:32 +0100] "GET /status.php HTTP/1.1" 403 3748 "-" "Mozilla/5.0 (Windows) mirall/2.2.4 (build 6408)"
[Thu Dec 29 22:44:53.238768 2016] [:error] [pid 23815] [client #] ModSecurity: Rule b5386a80 [id "981172"][file "/usr/share/modsecurity-crs/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "example"] [uri "/ocs/v2.php/apps/notifications/api/v1/notifications"] [unique_id "WGWD1cCosjIAAF0HC84AAAAD"]
# - - [29/Dec/2016:22:44:53 +0100] "GET /ocs/v2.php/apps/notifications/api/v1/notifications?format=json HTTP/1.1" 200 1085 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:50.0) Gecko/20100101 Firefox/50.0"
[Thu Dec 29 22:45:04.590279 2016] [:error] [pid 23772] [#] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_HEADERS. [file "/usr/share/modsecurity-crs/base_rules/modsecurity_crs_21_protocol_anomalies.conf"] [line "47"] [id "960015"] [rev "1"] [msg "Request Missing an Accept Header"] [severity "NOTICE"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/MISSING_HEADER_ACCEPT"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "example"] [uri "/status.php"] [unique_id "WGWD4MCosjIAAFzcBCsAAAAJ"]
92.75.219.37 - - [29/Dec/2016:22:45:04 +0100] "GET /status.php HTTP/1.1" 403 3748 "-" "Mozilla/5.0 (Windows) mirall/2.2.4 (build 6408)"
[Thu Dec 29 22:45:23.239858 2016] [:error] [pid 23773] [client #] ModSecurity: Rule b5386a80 [id "981172"][file "/usr/share/modsecurity-crs/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "example"] [uri "/ocs/v2.php/apps/notifications/api/v1/notifications"] [unique_id "WGWD88CosjIAAFzdd2AAAAAK"]
# - - [29/Dec/2016:22:45:23 +0100] "GET /ocs/v2.php/apps/notifications/api/v1/notifications?format=json HTTP/1.1" 200 1085 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:50.0) Gecko/20100101 Firefox/50.0"
[Thu Dec 29 22:45:36.546657 2016] [:error] [pid 23771] [#] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_HEADERS. [file "/usr/share/modsecurity-crs/base_rules/modsecurity_crs_21_protocol_anomalies.conf"] [line "47"] [id "960015"] [rev "1"] [msg "Request Missing an Accept Header"] [severity "NOTICE"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/MISSING_HEADER_ACCEPT"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "example"] [uri "/status.php"] [unique_id "WGWEAMCosjIAAFzbg3sAAAAI"]
92.75.219.37 - - [29/Dec/2016:22:45:36 +0100] "GET /status.php HTTP/1.1" 403 3748 "-" "Mozilla/5.0 (Windows) mirall/2.2.4 (build 6408)"

Integrity status for oC9+

No errors have been found.
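
The Apache log in the post above contains two different kinds of ModSecurity entries: rule 960015 denying `/status.php` with a 403, and rule 981172 failing with a PCRE-limit execution error on a request that was still answered with 200. As an added example (not part of the original post), this Python sketch groups such entries by rule ID and outcome and reports which IDs from an exclusion list still appear; the function names and the exclusion list passed in are assumptions.

```python
import re

# Constructed sample input: shortened copies of entries from the Apache log in
# the post (rev/severity/tag fields dropped, client address redacted as posted).
SAMPLE_LOG = """\
[Thu Dec 29 22:40:48.421744 2016] [:error] [pid 23816] [#] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_HEADERS. [file "/usr/share/modsecurity-crs/base_rules/modsecurity_crs_21_protocol_anomalies.conf"] [line "47"] [id "960015"] [msg "Request Missing an Accept Header"] [hostname "example"] [uri "/status.php"] [unique_id "WGWC4MCosjIAAF0IQX8AAAAG"]
[Thu Dec 29 22:40:53.210700 2016] [:error] [pid 19755] [client #] ModSecurity: Rule b5386a80 [id "981172"][file "/usr/share/modsecurity-crs/base_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "example"] [uri "/ocs/v2.php/apps/notifications/api/v1/notifications"] [unique_id "WGWC5cCosjIAAE0r3XsAAAAC"]
[Thu Dec 29 22:41:20.468130 2016] [:error] [pid 23773] [#] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_HEADERS. [file "/usr/share/modsecurity-crs/base_rules/modsecurity_crs_21_protocol_anomalies.conf"] [line "47"] [id "960015"] [msg "Request Missing an Accept Header"] [hostname "example"] [uri "/status.php"] [unique_id "WGWDAMCosjIAAFzdd14AAAAK"]
"""

# ModSecurity metadata appears as [key "value"] pairs in the Apache error log.
FIELD = re.compile(r'\[(\w+) "([^"]*)"\]')
DENIED = re.compile(r"Access denied with code (\d+)")


def parse_entry(line):
    """Return rule id, uri, msg and outcome for one ModSecurity line, else None."""
    if "ModSecurity:" not in line:
        return None
    fields = dict(FIELD.findall(line))
    if "id" not in fields:
        return None
    denied = DENIED.search(line)
    if denied:
        outcome = "blocked:" + denied.group(1)   # request was rejected
    elif "Execution error" in line:
        outcome = "rule-error"                   # rule could not be evaluated
    else:
        outcome = "logged"
    return {"id": fields["id"], "uri": fields.get("uri", ""),
            "msg": fields.get("msg", ""), "outcome": outcome}


def summarize(log_text):
    """Group entries by (rule id, outcome) with a hit count and affected URIs."""
    summary = {}
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if entry is None:
            continue
        slot = summary.setdefault((entry["id"], entry["outcome"]),
                                  {"count": 0, "uris": set(), "msg": entry["msg"]})
        slot["count"] += 1
        slot["uris"].add(entry["uri"])
    return summary


def still_firing(summary, excluded_ids):
    """List (id, outcome) pairs for rule IDs that were meant to be excluded."""
    return sorted(key for key in summary if key[0] in excluded_ids)


if __name__ == "__main__":
    result = summarize(SAMPLE_LOG)
    for (rule_id, outcome), info in sorted(result.items()):
        print(rule_id, outcome, info["count"], sorted(info["uris"]), info["msg"])
    # Hypothetical exclusion list; the post does not say which IDs were excluded.
    print("still firing:", still_firing(result, {"960015", "981172"}))
```
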

#2

Hi,

https://modsecurity.org/help.html lists a few options for how you can get help with correctly setting up mod_security and creating exceptions for it.


#3

Thank you very much for your answer!