误报提交入口

kop5 发表于 2024-5-12 19:10
过滤规则        语义分析分析出SQL注入
传入值        s＝aimer open the door
风险值        aimer open the door ...

好的。今天修复

过滤规则        语义分析分析出SQL注入
传入值        s＝aimer open the door
风险值        aimer open the door

宝塔用户_eazfeu 发表于 2024-4-29 17:30
误报阿里云CDN的IP，但是明明已经打开了CDN开关

默认是一个小时更新一次。然后可以手动更新。
你可以先升级到9.4.0。今天下午刚刚上了这个同步的功能。

kop5 发表于 2024-5-6 11:12
/?s＝Open+The+Safe&type＝post

过滤规则        语义分析分析出SQL注入

已经修复了。你直接修复一下防火墙插件。需要修复到9.4.0

宝塔用户_eazfeu 发表于 2024-4-29 17:30
误报阿里云CDN的IP，但是明明已经打开了CDN开关

修复一下防火墙插件。已经处理完毕。

kop5 发表于 2024-5-6 11:12
/?s＝Open+The+Safe&type＝post

过滤规则        语义分析分析出SQL注入

9.4.1 会进行修复。应该就是这两天更新

/?s＝Open+The+Safe&type＝post

过滤规则        语义分析分析出SQL注入
传入值        s＝Open The Safe

误报阿里云CDN的IP，但是明明已经打开了CDN开关

宝塔用户_glysll 发表于 2024-4-24 17:55
这个看一下

更新到最新版9.4.0 即可

rewalax 发表于 2024-4-2 09:02
更新nginx防火墙9.3.8后minio上传文件仍然误报参数超过8000拦截

更新即可

这个看一下

GET /null HTTP/1.1
accept-language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
connection: keep-alive
accept: image/avif,image/webp,*/*
accept-encoding: gzip, deflate
host: 1.460.icu
cache-control: no-cache
pragma: no-cache
cookie: PHPSESSID=um1gc0qide10gpif7i2u6cvf26; mysid=2790b5232fc54352a3f46735c3f10651; op=false
referer: http://1.460.icu/?cid=1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0

我这URL关键词拦截里面就没有这个词啊，怎么还拦截了？

文章不能修改：POST /index.php?m=content&c=content&a=edit HTTP/1.1
sec-ch-ua-platform:"Windows"
eagleeye-traceid:7827c3a917128896223258235e
host:www.xxx.com
cookie:Hm_lvt_3b6d904a3b1f60dba9266ee796678582=1704282652; Hm_lvt_77ff918529cb55da3697a20cd6b3deda=1704282652; PHPSESSID=30mmna07f56s20dr82jnq65gd1; bEIUg_admin_username=303cNdocnmUKfUX_qmGpg0AtWdn5dwkapB2Bnu84uu_Lrg; bEIUg_siteid=7eda3g_9jMesgO6SI6ohEsLYAk9bz_0RdzkkBxvc; bEIUg_userid=242acm5A8QjxidNXFRdMm-f_ya-Ze3PYa8IRMDpnTA; bEIUg_admin_email=d7fdT8Dz1qIaifgC9rmiqoNbuHOv3dC3vJ9mGisiy-Z9u6wxkqLKUviL; bEIUg_sys_lang=bc6dRnXG-lAjs_oCUfL3BKDR-pzIfxOnw1xiLnIKlwjGxA; bEIUg_module=3bdcOlJMlKtkw-Or1CMqjRrNFL4bjHD2T7DgI_uix5Dqq9_j; bEIUg_catid=0879LiEA7JstwkQm_jrWj8G7Z7z1DI2-VqymFs52UA; sYQDUGqqzHrefersh_time=1
sec-fetch-user:?1
accept-language:zh-CN,zh;q=0.9
accept-encoding:gzip, deflate, br
referer:https://www.xxx.com/index.php?m=content&c=content&a=edit&catid=15&id=43166&pc_hash=245l7w
upgrade-insecure-requests:1
sec-fetch-dest:document
sec-fetch-mode:navigate
x-forwarded-for:120.41.124.223
content-type:multipart/form-data; boundary=----WebKitFormBoundaryRAYYs2Y8R0w7W6iU
ali-swift-stat-host:level2.www.xxx.com
content-length:10970
sec-fetch-site:same-origin
accept:text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
cache-control:max-age=0
ali-swift-log-host:www.xxx.com
origin:https://www.xxx.com
x-client-scheme:https
via:cn2974.l1, cache21.cn2974, l2cn1803.l2, cache44.l2cn1803
sec-ch-ua-mobile:?0
ali-cdn-real-ip:120.41.124.223
sec-ch-ua:";Not A Brand";v="99", "Chromium";v="94"
user-agent:Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.71 Safari/537.36 Core/1.94.225.400 QQBrowser/12.2.5544.400

POST /admin.php/article/add.html HTTP/1.1
accept-language: zh-TW,zh;q=0.9
content-type: application/x-www-form-urlencoded
connection: keep-alive
content-length: 9722
cache-control: max-age=0
host: xxx.com
cookie: xxxxxxxxxx
accept-encoding: gzip, deflate
origin: http://xxx.com
referer: http://xxx.com/admin.php/article/add.html
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36