
False Positive Submission Portal

Posted in Linux Panel, 2021-3-12 14:57

Posted on 2025-8-21 11:43:43
Why do some IPs always get filtered out by CC?

Posted on 2025-8-26 10:00:07
A customer reported a false positive
wechat_2025-08-26_095738_564.png

Posted on 2025-8-27 11:44:20

Posted on 2025-8-27 11:49:39
Nginx Firewall 9.7.7, parameters normal, frequently gives false-positive blocks for SQL injection and PHP code execution
QQ浏览器截图20250827114726.png
QQ浏览器截图20250827113910.png

Posted on 2025-9-2 20:05:49

Posted on 2025-9-2 20:12:01

Posted on 2025-9-3 09:14:04
GET /bdftp/136214.html HTTP/1.1
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
referer: https://m.baidu.com/
accept-encoding: gzip, deflate
accept-language: zh-CN,zh;q=0.9,en-US;q=0.8,en;q=0.7
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: document
user-agent: Mozilla/5.0 (Linux; Android 15; PHK110 Build/AP3A.240617.008; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/97.0.4692.98 Mobile Safari/537.36 T7/15.19 SP-engine/3.49.0 bd_dvt/0 baiduboxapp/15.23.0.11 (Baidu; P1 15) NABar/1.0
purpose: prefetch
x-forwarded-for: 240e:471:40b0:2862:d444:55ff:fe74:d26e
x-requested-with: com.baidu.searchbox
host: 3g.99bdf.com
x-cuid: 8F813F607B0BE3068CEF96520FA00F5D|VXKWXPETL
x-from-h3-trnet: true
x-bd-traceid: b7c65fd6f0f0434d98590f9460ff88c6
upgrade-insecure-requests: 1
x-t5-auth: 11872527

Posted on 2025-9-3 09:14:46
yangmo posted on 2025-9-3 09:14
GET /bdftp/136214.html HTTP/1.1
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/ ...

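Is this a false positive?

Posted on 2025-9-3 10:57:33
This post was last edited by ma2019 on 2025-9-3 11:01

Submitting a POST gets blocked, with a message that the HTTP packet is not terminated. In fact, in the browser's headers it has ------ at the start and ends with --. But in the block record only the leading part is there, and it is ---; also, the form-data option is turned off. This block still happens.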


POST /***/***/yukaikai?id=37 HTTP/1.1
sec-ch-ua-platform: "Windows"
host: ****.cn
sec-fetch-dest: empty
sec-fetch-site: same-origin
x-csrf-token: B0KnNoAyusakIcqSJhuq24031MXXeDs6jrl_k1cuBk1eI8Ni0VSMiOZxksFFSNqTxwOah5xPWkDIzz3KGnliew==
content-type: multipart/form-data; boundary=----WebKitFormBoundarywIGCbvVYNtBbfcLW
cookie: _csrf=0202bb981943c7e21

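The framing described in the post above, as an added example that is not part of the original thread and not the firewall's own code: the Content-Type header carries the boundary, each part in the body starts with two extra dashes plus that boundary, and the last delimiter also ends with two dashes. The checker classifies a captured body; the sample body, the field name `title` and the function names are constructed, and reading a short capture as the cause of the "not terminated" message is an assumption.

```python
import re

def boundary_from_content_type(value):
    """Return the boundary of a multipart/form-data Content-Type as bytes, or None."""
    if not value.strip().lower().startswith("multipart/form-data"):
        return None
    m = re.search(r'boundary="?([^";,\s]+)"?', value, re.IGNORECASE)
    return m.group(1).encode("latin-1") if m else None

def check_multipart(content_type, body, content_length=None):
    """Classify a captured body: ok, truncated, unterminated, bad-start, not-multipart."""
    boundary = boundary_from_content_type(content_type)
    if boundary is None:
        return "not-multipart"
    delim = b"--" + boundary      # every part starts with "--" + boundary
    closing = delim + b"--"       # the final delimiter adds a trailing "--"
    if content_length is not None and len(body) < content_length:
        return "truncated"        # fewer bytes captured than the client declared
    if not body.lstrip(b"\r\n").startswith(delim):
        return "bad-start"
    # Only CRLF or whitespace may follow the closing delimiter in this check.
    if not body.rstrip(b"\r\n \t").endswith(closing):
        return "unterminated"
    return "ok"

# Content-Type taken from the post; the body is constructed for illustration.
SAMPLE_CT = "multipart/form-data; boundary=----WebKitFormBoundarywIGCbvVYNtBbfcLW"
SAMPLE_BODY = (
    b"------WebKitFormBoundarywIGCbvVYNtBbfcLW\r\n"
    b'Content-Disposition: form-data; name="title"\r\n\r\n'
    b"hello\r\n"
    b"------WebKitFormBoundarywIGCbvVYNtBbfcLW--\r\n"
)

if __name__ == "__main__":
    declared = len(SAMPLE_BODY)
    print(check_multipart(SAMPLE_CT, SAMPLE_BODY, declared))        # complete body
    print(check_multipart(SAMPLE_CT, SAMPLE_BODY[:60], declared))   # capture cut short
    print(check_multipart(SAMPLE_CT, SAMPLE_BODY[:60]))             # length unknown
```

Comparing the result for the bytes a block record shows against the result for the bytes the browser sent separates a malformed request from an incomplete capture.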
Posted on 2025-9-19 00:00:48
Blocked by mistake, please handle it. Thanks
22222.png

Posted on 2025-9-20 14:48:23
I'm a bit confused; no matter how I look, I can't see what content in this English text caused it.
sql注入--1.png sql注入--2.png SQL注入--3.png sql注入--4.png sql注入--5.png

Posted on 2025-9-23 23:33:49
False positive, please handle:
POST /index.php HTTP/1.1
sec-ch-ua-mobile: ?0
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
cookie: 31284979f43c1bd3452369d882c50733=9p4gj3ua0j8qtup8qrmg871vjm; server_name_session=da9388ba2677bf7d412c699d186d6285; SITE_TOTAL_ID=7587a1d4ded52b7f5950e217c83b40b5; 27c8d99729f52c006516d55b5d8b6fa3=f0ivg1frlivjmt0k0vs90t9hj1; 67909b18d1cc6be9bcb7a827ce95f1aa=12
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/139.0.0.0 Safari/537.36 Edg/139.0.0.0
content-length: 22069
accept: */*
referer: https://www.[site domain].com/administrator/index.php?option=com_ajax&templateStyle=12&p=customizer&format=html
host:[site domain]
accept-language: zh-CN,zh;q=0.9,en;q=0.8,en-GB;q=0.7,en-US;q=0.6
sec-ch-ua-platform: "Windows"
priority: u=1, i
accept-encoding: gzip, deflate, br, zstd
origin: https://[site domain]
sec-ch-ua: "Not;A=Brand";v="99", "Microsoft Edge";v="139", "Chromium";v="139"
content-type: application/x-www-form-urlencoded

customizer=....too long
wechat_2025-09-23_232211_477.png

Posted on 2025-10-3 13:03:07

There's nothing wrong with this password, right?

Posted on 2025-10-5 01:37:30
There are two false positives, please handle them~
1.
https://ibb.co/dJXQtnjx

POST /wp-admin/admin-ajax.php HTTP/1.1
sec-fetch-mode: cors
x-requested-with: XMLHttpRequest
sec-fetch-dest: empty
content-type: application/x-www-form-urlencoded; charset=UTF-8
host: drawref.cn
cookie: wordpress_sec_ffc1ba70b5e171dbe59bf82ac7a04634=jychen0906%7C1759595131%7CbbIF6sdlR23zHv6t6g5wYPHZodkhekza7Kd333je7KA%7C45a28b00ec60c48189c24e44a17155f77cbe478656dc566c7e9ef22e5167a328; wordpress_sec_60b02cc40310f1cd32de548b7149e6df=jychen0906%7C1759749936%7CRn0XWA4hrYklP0pkg8FqeIwqVV9ax1HN0O77lhdO2fW%7C5b7b5cfda2ee8fa7b11986d032b51d5b0c6ec9c72d4da7f58fb40f11de0ba034; SITE_TOTAL_ID=56c0b413e6246b6d75ca0258c9d12257; _ga=GA1.1.868638658.1759418686; wordpress_test_cookie=WP%20Cookie%20check; wordpress_logged_in_ffc1ba70b5e171dbe59bf82ac7a04634=jychen0906%7C1759595131%7CbbIF6sdlR23zHv6t6g5wYPHZodkhekza7Kd333je7KA%7C92d28417b5dee84f9b9375440cd663112c5ae9f7bcf6acb6d9114507529818fa; wp_lang=zh_CN; server_name_session=aa8fa59d076368f5e9ac7e85fbcbb2d5; wp-dark-mode-device=dark; wp-dark-mode-choice=light; _ga_5TFS8M5TTY=GS2.1.s1759561209$o6$g1$t1759561248$j21$l0$h0; viewed_articles=746%2C739%2C496%2C370%2C595; wordpress_logged_in_60b02cc40310f1cd32de548b7149e6df=jychen0906%7C1759749936%7CRn0XWA4hrYklP0pkg8FqeIwqVV9ax1HN0O77lhdO2fW%7Cc63dbcecf7cb2fbadcf0f2445fdb0433988876e65e549cbcb4755ec3158df94f; wp-settings-1=libraryContent%3Dbrowse%26editor%3Dhtml; wp-settings-time-1=1759577137; _ga_NZDP5TH01J=GS2.1.s1759576670$o14$g1$t1759577911$j58$l0$h0
sec-ch-ua-platform: "Windows"
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/140.0.0.0 Safari/537.36 Edg/140.0.0.0
sec-ch-ua: "Chromium";v="140", "Not=A?Brand";v="24", "Microsoft Edge";v="140"
sec-ch-ua-mobile: ?0
content-length: 2314
priority: u=1, i
accept-language: zh-CN,zh;q=0.9,en;q=0.8,en-GB;q=0.7,en-US;q=0.6
origin: https://drawref.cn
accept: */*
referer: https://drawref.cn/wp-admin/edit.php?page=to-interface-post
accept-encoding: gzip, deflate, br, zstd
sec-fetch-site: same-origin
dnt: 1

action=update-taxonomy-order&order=%7B%220%22%3A%22item%5B%5D%3D117%26item%5B%5D%3D120%26item%5B%5D%3D3%26item%5B%5D%3D1%26item%5B%5D%3D4%26item%5B%5D%3D5%26item%5B%5D%3D6%26item%5B%5D%3D107%26item%5B%5D%3D7%26item%5B%5D%3D8%26item%5B%5D%3D9%26item%5B%5D%3D10%26item%5B%5D%3D73%26item%5B%5D%3D74%26item%5B%5D%3D75%22%2C%22item_117%22%3A%22item%5B%5D%3D118%26item%5B%5D%3D119%22%2C%22item_120%22%3A%22item%5B%5D%3D121%22%2C%22item_3%22%3A%22item%5B%5D%3D19%26item%5B%5D%3D20%26item%5B%5D%3D21%26item%5B%5D%3D22%26item%5B%5D%3D23%22%2C%22item_1%22%3A%22item%5B%5D%3D11%26item%5B%5D%3D12%26item%5B%5D%3D13%26item%5B%5D%3D14%26item%5B%5D%3D15%26item%5B%5D%3D16%26item%5B%5D%3D17%26item%5B%5D%3D18%22%2C%22item_4%22%3A%22item%5B%5D%3D24%26item%5B%5D%3D25%26item%5B%5D%3D26%26item%5B%5D%3D30%26item%5B%5D%3D27%26item%5B%5D%3D28%26item%5B%5D%3D29%26item%5B%5D%3D31%26item%5B%5D%3D32%26item%5B%5D%3D34%26item%5B%5D%3D35%26item%5B%5D%3D36%26item%5B%5D%3D91%22%2C%22item_5%22%3A%22item%5B%5D%3D46%26item%5B%5D%3D47%26item%5B%5D%3D48%26item%5B%5D%3D90%22%2C%22item_6%22%3A%22item%5B%5D%3D50%26item%5B%5D%3D52%26item%5B%5D%3D53%26item%5B%5D%3D54%26item%5B%5D%3D115%26item%5B%5D%3D55%26item%5B%5D%3D88%22%2C%22item_107%22%3A%22item%5B%5D%3D108%26item%5B%5D%3D109%26item%5B%5D%3D110%26item%5B%5D%3D111%22%2C%22item_7%22%3A%22item%5B%5D%3D37%26item%5B%5D%3D38%26item%5B%5D%3D39%26item%5B%5D%3D40%26item%5B%5D%3D41%26item%5B%5D%3D42%26item%5B%5D%3D43%26item%5B%5D%3D44%26item%5B%5D%3D45%26item%5B%5D%3D89%22%2C%22item_8%22%3A%22item%5B%5D%3D57%26item%5B%5D%3D58%26item%5B%5D%3D59%26item%5B%5D%3D60%26item%5B%5D%3D61%26item%5B%5D%3D87%22%2C%22item_9%22%3A%22item%5B%5D%3D63%26item%5B%5D%3D92%26item%5B%5D%3D62%26item%5B%5D%3D64%26item%5B%5D%3D93%22%2C%22item_10%22%3A%22item%5B%5D%3D65%26item%5B%5D%3D66%26item%5B%5D%3D67%26item%5B%5D%3D68%26item%5B%5D%3D69%26item%5B%5D%3D71%26item%5B%5D%3D72%26item%5B%5D%3D94%22%2C%22item_73%22%3A%22item%5B%5D%3D81%26item%5B%5D%3D82%26item%5B%5D%3D83%26item%5B%5D%3D122%26item%5B%5D%3D85%22%2C%22item_74%22%3A%22item%5B%5D%3D116%26item%5B%5D%3D78%26item%5B%5D%3D79%26item%5B%5D%3D80%26item%5B%5D%3D104%26item%5B%5D%3D105%26item%5B%5D%3D106%26item%5B%5D%3D112%26item%5B%5D%3D113%26item%5B%5D%3D95%22%2C%22item_75%22%3A%22item%5B%5D%3D76%26item%5B%5D%3D77%26item%5B%5D%3D86%22%7D&nonce=86df1f054a

Posted on 2025-10-7 15:25:08
POST /api/text/translate?to=zh-CHS HTTP/1.1
content-type: application/json
eo-log-uuid: 251022832045029458
user-agent:
accept: */*
cdn-loop: TencentEdgeOne; loops=2
host: suapi.net
eo-client-ip: 125.122.187.41
accept-encoding: deflate, gzip
eo-client-ipcountry: CN
x-forwarded-for: 125.122.187.41
x-forwarded-proto: https
content-length: 39
eo-connecting-ip: 125.122.187.41

[{"Text": "fast shutdown for windows"}]
Snipaste_2025-10-07_15-23-10.png

I guess this was falsely flagged as SQL injection because of the hyphen. It is a normal request