1. General rules

Look for the string 0x in POST/PUT parameters (BODY), in any part of the URL, in any GET parameter (ARGS), or in the HTTP header named Cookie. On a match, the $SQL score is increased by 2; the rule can be whitelisted by referring to its id, 1002.

MainRule "str:0x" "msg:0x, possible hex encoding" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:2" id:1002;


2. Exercises

Blocking automated attacks

Block the w3af user agent

MainRule "str:w3af.sourceforge.net" "msg:DN SCAN w3af User Agent" "mz:$HEADERS_VAR:User-Agent" "s:$UWA:8" id:42000041;
BasicRule "str:http://www.shadowysite.com/" "msg:Bad referer" "mz:$HEADERS_VAR:referer" "s:DROP" id:20001;


Block dangerous directories

MainRule "str:/magmi/" "msg:Access to magmi folder" "mz:URL" "s:$UWA:8" id:42000400;
MainRule "str:/magmi.php" "msg:Access to magmi.php" "mz:URL" "s:$UWA:8" id:42000401;


When the match zone is satisfied (a GET parameter named foo is present), the request is handed to libinj_sql; if SQL injection is detected, the request is dropped.

MainRule "id:4241" "s:DROP" "d:libinj_sql" "mz:$ARGS_VAR:foo";


Negative match: drop every request whose URL does not start with /rest/.

MainRule "id:4241" negative "s:DROP" "rx:^/rest/" "mz:URL";
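The following is an added example, not part of the original page and not naxsi's own code: a small Python model of how the rules above (the 0x rule from section 1, the w3af and magmi rules, and the negative /rest/ rule) evaluate a request. The request layout (url/args/body/headers dicts), the CheckRule thresholds and the per-zone scoring are assumptions made for illustration.

```python
import re

# Rules from the page, as (id, match kind, pattern, match zones, action, negative).
PAGE_RULES = [
    (1002, "str", "0x", ["BODY", "URL", "ARGS", "$HEADERS_VAR:Cookie"], ("$SQL", 2), False),
    (42000041, "str", "w3af.sourceforge.net", ["$HEADERS_VAR:User-Agent"], ("$UWA", 8), False),
    (42000400, "str", "/magmi/", ["URL"], ("$UWA", 8), False),
    (42000401, "str", "/magmi.php", ["URL"], ("$UWA", 8), False),
]
REST_ONLY = [(4241, "rx", "^/rest/", ["URL"], "DROP", True)]
CHECKS = {"$SQL": 8, "$UWA": 8}  # assumed CheckRule thresholds; the page gives none

def zone_values(req, zone):
    """Strings a match zone contributes from the (assumed) request dict."""
    headers = {k.lower(): v for k, v in req.get("headers", {}).items()}
    if zone == "URL":
        return [req["url"]]
    if zone in ("BODY", "ARGS"):
        return list(req.get(zone.lower(), {}).values())
    kind, name = zone.split(":", 1)
    if kind == "$HEADERS_VAR":
        return [headers[name.lower()]] if name.lower() in headers else []
    if kind == "$ARGS_VAR":
        return [req["args"][name]] if name in req.get("args", {}) else []
    return []

def hit(kind, pattern, value):
    """str: is a case-insensitive substring match, rx: a regular expression."""
    if kind == "str":
        return pattern.lower() in value.lower()
    return re.search(pattern, value) is not None

def evaluate(req, rules, whitelist=()):
    """Return ('DROP' | 'PASS', scores); whitelisted rule ids (e.g. 1002) are skipped."""
    scores, drop = {}, False
    for rid, kind, pattern, zones, action, negative in rules:
        if rid in whitelist:
            continue
        for zone in zones:
            matched = any(hit(kind, pattern, v) for v in zone_values(req, zone))
            if matched == negative:  # positive rule needs a match, negative rule needs none
                continue
            if action == "DROP":
                drop = True
            else:  # scoring rule: each matching zone adds its points (simplified model)
                scores[action[0]] = scores.get(action[0], 0) + action[1]
    drop = drop or any(scores.get(n, 0) >= t for n, t in CHECKS.items())
    return ("DROP" if drop else "PASS"), scores

if __name__ == "__main__":  # constructed requests
    print(evaluate({"url": "/item", "args": {"id": "0x41"}}, PAGE_RULES))
    print(evaluate({"url": "/magmi/", "headers": {"User-Agent": "w3af.sourceforge.net"}}, PAGE_RULES))
    print(evaluate({"url": "/admin"}, REST_ONLY), evaluate({"url": "/rest/v1"}, REST_ONLY))
```

A single 0x hit only raises $SQL to 2, below the assumed threshold, whereas the w3af agent hitting the magmi folder accumulates $UWA 16 and is dropped; the negative rule drops /admin but passes /rest/v1.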