I used the Lua script that was posted on the SpiderLabs blog: http://blog.spiderlabs.com/2011/02/java-floating-point-dos-attack-protection.html
I copied the exact configuration that was documented, but something didn't seem right.
The following curl command:
curl -H "Accept-Language: en-us;q=2.2250738585072012e-308" http://localhost/
was blocked by mod_security with the following audit log entry:
Message: Access denied with code 403 (phase 2). Pattern match ".*" at TX:floatingpointdos. [file "/test/apache/conf/modsecurity/modsecurity_crs_15_exception.conf"] [line "36"] [msg "Floating Point DoS Payload Found."] [data "Location: REQUEST_HEADERS:User-Agent"] [tag "CVE-2010-4476"]
The request was blocked, but the log did not recognize that I had sent a malicious Accept-Language header, not a malicious User-Agent header. After that I looked into the Lua script and found some errors in it.
The Lua script used the string.gmatch function in a way that is always true: string.gmatch does not return the match, it returns an iterator function, and a function value is always truthy in Lua, so the condition never fails.
The if statement "if string.gmatch(FilteredPattern, Pattern) then" therefore always matched, so the first variable that was checked was the one written to the audit log; in my case this was the User-Agent header.
Here is the modified Lua script that worked for me.
#!/test/lua/bin/lua
-- ModSecurity Lua script: look for the CVE-2010-4476 floating point value in
-- request headers and arguments. Dots are stripped first so that spellings such
-- as 2.2250738585072012e-308 all reduce to the same digit string.
function main()
    local Pattern = "2225073858507201";
    -- Get the ModSec collections
    local Headers = m.getvars("REQUEST_HEADERS");
    local Args = m.getvars("ARGS");
    for i = 1, #Headers do
        local FilteredPattern = string.gsub(Headers[i].value, "[.]", "");
        -- string.gmatch returns an iterator, so it must be driven by a for loop;
        -- the body only runs when the pattern really occurs in the value.
        for _ in string.gmatch(FilteredPattern, Pattern) do
            m.setvar("tx.floatingpointdos", Headers[i].name);
            return ("Potential Floating Point DoS Attack via variable: " .. Headers[i].name .. ".");
        end
    end
    for i = 1, #Args do
        local FilteredPattern = string.gsub(Args[i].value, "[.]", "");
        for _ in string.gmatch(FilteredPattern, Pattern) do
            m.setvar("tx.floatingpointdos", Args[i].name);
            return ("Potential Floating Point DoS Attack via variable: " .. Args[i].name .. ".");
        end
    end
    return nil;
end
Maybe it helps someone who has the same problem or sees the same false positives.
Michael
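The following is an added example, not code from the post above or from the SpiderLabs script. It is stand-alone Lua that reproduces the described bug without ModSecurity: the request headers are constructed inline (a benign User-Agent followed by the Accept-Language value from the curl command), and the ModSecurity `m` API is not needed because the three checks only take a list of name/value pairs. It contrasts the original `if string.gmatch(...)` test with the corrected for-loop form and with an equivalent `string.find(..., 1, true)` form.

```lua
-- Added example (not from the original post): reproduce the string.gmatch bug
-- outside ModSecurity. Run with: lua demo.lua
local Pattern = "2225073858507201"

-- Constructed request: benign User-Agent first, then the malicious
-- Accept-Language value from the curl command in the post.
local headers = {
  { name = "User-Agent",      value = "curl/7.64.1" },
  { name = "Accept-Language", value = "en-us;q=2.2250738585072012e-308" },
}

-- Strip dots so the digit string is contiguous wherever the decimal point sits.
local function strip_dots(s)
  local out = string.gsub(s, "[.]", "")
  return out
end

-- The original check. string.gmatch never returns a match; it returns an
-- iterator function, and a function value is always truthy in Lua, so this
-- branch is taken for the very first variable examined, whatever it contains.
local function buggy_check(vars)
  for i = 1, #vars do
    if string.gmatch(strip_dots(vars[i].value), Pattern) then
      return vars[i].name
    end
  end
  return nil
end

-- Corrected check from the post: drive the iterator with a for loop, so the
-- body only runs when the pattern really occurs in the value.
local function fixed_check(vars)
  for i = 1, #vars do
    for _ in string.gmatch(strip_dots(vars[i].value), Pattern) do
      return vars[i].name
    end
  end
  return nil
end

-- Equivalent single-call form: string.find with plain=true (4th argument)
-- returns nil when the literal substring is absent, so it is safe inside an if.
local function find_check(vars)
  for i = 1, #vars do
    if string.find(strip_dots(vars[i].value), Pattern, 1, true) then
      return vars[i].name
    end
  end
  return nil
end

-- The buggy check blames User-Agent, exactly as in the audit log entry above;
-- both corrected checks blame the header that actually carries the payload.
assert(buggy_check(headers) == "User-Agent")
assert(fixed_check(headers) == "Accept-Language")
assert(find_check(headers)  == "Accept-Language")

-- A clean request (constructed) shows the false positive of the buggy check.
local clean = { { name = "Accept-Language", value = "en-us;q=0.5" } }
assert(buggy_check(clean) == "Accept-Language")
assert(fixed_check(clean) == nil)
assert(find_check(clean)  == nil)

print("buggy:", buggy_check(headers), "fixed:", fixed_check(headers))
```

The `string.find` form is the simpler one to drop into the ModSecurity script if the for loop reads oddly; with `plain=true` the fixed digit string is matched literally, so no Lua pattern escaping is needed.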