.htaccess and Apache ModSecurity

I have this .htaccess

    Options -Indexes

    RewriteEngine On
    RewriteBase /

    # Force to exclude the trailing slash
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteCond %{REQUEST_URI} (.*)/$
    RewriteRule ^(.+)/$ $1 [R=307,L]

    # Restrict php files direct access
    # this part generates the problem
    RewriteCond %{THE_REQUEST} ^.+?\ [^?]+\.php[?\ ]
    RewriteRule \.php$ - [F]

    # Allow any files or directories that exist to be displayed directly
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d

    RewriteRule ^(.*)$ index.php?$1 [QSA,L]

But Apache writes me this:

    ModSecurity: Warning. Match of "within %{tx.allowed_methods}" against "REQUEST_METHOD" required. [file "/modsecurity/modsecurity_crs_30_http_policy.conf"] [line "31"] [id "960032"] [rev "2"] [msg "Method is not allowed by policy"] [data "GET"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/POLICY/METHOD_NOT_ALLOWED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "OWASP_AppSensor/RE1"] [tag "PCI/12.1"]

How must I edit my htaccess? Thanks guys.


As the first comment has said, you have a ModSecurity rule blocking your request. If your hosting provider has enabled '--enable-htaccess-config' when building ModSecurity, then you have access to disable that particular rule from an htaccess file. You can use something similar to the following:

    # ModSecurity 2.x (which OWASP CRS 2.2.9 runs on) is identified as mod_security2.c
    <IfModule mod_security2.c>
        SecRuleRemoveById 960032
    </IfModule>

However, if your provider has not enabled this and you don't have access to any Apache configuration files (httpd.conf, etc.), then you will have to contact your hosting provider to fix the issue. Sorry.
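
Before removing a rule by ID, it helps to confirm from the error log exactly which rule fired, what value it matched, and whether the entry is a warning or an actual block. The following is an added example, not part of the original question or answer; `parse_modsec`, `rules_seen` and every sample line other than the warning quoted in the question are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed input: the warning quoted in the question (some fields omitted),
# a made-up "Access denied" line, and an unrelated Apache line.
SAMPLE_LOG = [
    'ModSecurity: Warning. Match of "within %{tx.allowed_methods}" against '
    '"REQUEST_METHOD" required. [file "/modsecurity/modsecurity_crs_30_http_policy.conf"] '
    '[line "31"] [id "960032"] [rev "2"] [msg "Method is not allowed by policy"] '
    '[data "GET"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.9"] '
    '[tag "OWASP_CRS/POLICY/METHOD_NOT_ALLOWED"] [tag "WASCTC/WASC-15"]',
    'ModSecurity: Access denied with code 403 (phase 2). Example match. '
    '[id "999999"] [msg "constructed \\"blocking\\" rule"] [severity "CRITICAL"]',
    'AH00558: apache2: Could not reliably determine the server name',
]

# One [key "value"] pair; tolerates backslash-escaped quotes inside the value.
FIELD = re.compile(r'\[(\w+) "((?:[^"\\]|\\.)*)"\]')

def parse_modsec(line):
    """Parse one ModSecurity error-log message into a dict, or return None."""
    start = line.find("ModSecurity: ")
    if start < 0:
        return None
    body = line[start + len("ModSecurity: "):]
    event = {"blocked": body.startswith("Access denied"), "tag": []}
    for key, value in FIELD.findall(body):
        value = value.replace('\\"', '"')
        if key == "tag":
            event["tag"].append(value)      # "tag" repeats, keep all of them
        else:
            event.setdefault(key, value)    # first occurrence wins
    return event if "id" in event else None

def rules_seen(lines):
    """Group events by rule id: hit count, message, matched data, blocked or not."""
    seen = defaultdict(lambda: {"hits": 0, "msg": "", "data": set(), "blocked": False})
    for event in filter(None, map(parse_modsec, lines)):
        rule = seen[event["id"]]
        rule["hits"] += 1
        rule["msg"] = event.get("msg", "")
        if "data" in event:
            rule["data"].add(event["data"])
        rule["blocked"] |= event["blocked"]
    return dict(seen)

if __name__ == "__main__":
    for rule_id, info in sorted(rules_seen(SAMPLE_LOG).items()):
        state = "blocked" if info["blocked"] else "warning only"
        print(rule_id, state, info["hits"], info["msg"], sorted(info["data"]))
```

For the message in the question this reports rule 960032 as a warning with matched data `GET`, which is the ID the `SecRuleRemoveById` line targets.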
