ModSecurity 规则链接不起作用(我正在使用 Coraza)。对于以下规则:
SecRule REQUEST_HEADERS:X-Forwarded-For "@ipMatch 3.4.5.6" "id:9,phase:1,chain"
SecRule REQUEST_HEADERS:Host "@eq bar.com" "id:10,phase:1,deny"
当我发送以下请求时:
curl -v -H 'Host: bar.com' -H 'X-Forwarded-For: 3.4.5.6' localhost
两条规则匹配,但不应用第二条规则中的操作,并且不拒绝请求。
我通过在日志中查看以下内容来验证规则是否匹配:
2023/11/06 19:33:20 [DEBUG] Evaluating operator: MATCH tx_id="bqZkxImuTflWlGYCGVG" rule_id=9 operator_function="@ipMatch" operator_data="3.4.5.6" arg="3.4.5.6"
2023/11/06 19:33:20 [DEBUG] Evaluating operator: MATCH tx_id="bqZkxImuTflWlGYCGVG" rule_id=10 operator_function="@eq" operator_data="bar.com" arg="bar.com"
该操作必须位于开始链的第一条规则中:
SecRule REQUEST_HEADERS:X-Forwarded-For "@ipMatch 3.4.5.6" "id:9,phase:1,deny,chain"
SecRule REQUEST_HEADERS:Host "@eq bar.com" "id:10,phase:1"