为了加强Apache2.0的安全性,系统安装时会默认安装Mod_Security模组增加安全,不过由于此模组限制的安全性偏高,因此会出现以下几种状况﹕
使用真实IP连结时,会出现HTTP Error 400的讯息,讯息如下:
Bad Request
Your browser sent a request that this server could not understand.
Apache/2.2.0 (Fedora) Server at 127.0.0.1 Port 80
程式如果有使用Ajax撰写者,会容易连线失败。
解决方法:
编辑文件/etc/httpd/modsecurity.d/modsecurity_crs_21_protocol_anomalies.conf
SecRule REQUEST_HEADERS:Host "^[\d\.]+$" "deny,log,auditlog,status:400,msg:'Host header is a numeric IP address', severity:'2',id:'960017'
改为
#SecRule REQUEST_HEADERS:Host "^[\d\.]+$" "deny,log,auditlog,status:400,msg:'Host header is a numeric IP address', severity:'2',id:'960017'
移除Mod_Security套件,虽然不太建议不过这也是一个解决方案。
yum remove -y mod_security
阅读(916) | 评论(1) | 转发(0) |
