问题:
在浏览器中输入127.0.0.1或者主机IP,都会出现一下错误:
/**********/
Bad Request
Your browser sent a request that this server could not understand.
Apache/2.2.0 (Fedora) Server at 127.0.0.1 Port 80
/*********/
如果在主机上用浏览器打开http://主机名/则能够正常打开网页,没有提示错误
查看日志:
/**********/
[Mon Aug 27 08:15:56 2007] [error] [client 127.0.0.1] ModSecurity: Access denied with code 400 (phase 1). Pattern match "^[\\\\d\\\\.]+$" at REQUEST_HEADERS:Host. [id "960017"] [msg "Host header is a numeric IP address"] [severity "CRITICAL"] [hostname "127.0.0.1"] [uri "/"] [unique_id "QrBrQ38AAAEAACZ5GVAAAAAH"]
/******/
解决:
编辑文件/etc/httpd/modsecurity.d/modsecurity_crs_21_protocol_anomalies.conf
注释掉此句(也就是在前面加"#"):
SecRule REQUEST_HEADERS:Host "^[\d\.]+$" "deny,log,auditlog,status:400,msg:'Host header is a numeric IP address', severity:'2',id:'960017'
然后重启服务httpd
这样子应该还是会存在安全漏洞。
阅读(912) | 评论(0) | 转发(0) |