질문&답변
클라우드/리눅스에 관한 질문과 답변을 주고 받는 곳입니다.
리눅스 분류

mod_security

작성자 정보

  • 암튼 작성
  • 작성일

컨텐츠 정보

본문

윈도즈 2000 프로에 APM 을 설치하여 사용하고 있습니다.
상태는 이렇습니다. Apache/2.0.53 (Win32) mod_ssl/2.0.53 OpenSSL/0.9.7e PHP/4.3.10
 
RWAPM 을 새로 업데이트를 하면서 추가된 모듈이 제목의 mod_security 입니다.
- 서버 방화벽으로 알려져 있는데 ... 보안면으로야 좋다면 당연히 사용하면 되는데
문제가 생겼습니다.
제가 잘못 사용하는 것일 수도 있지만... http://navyism.comn@ie 를 사용하고 있는데요...
이미지를 프레임내에서 사용하기 보다는 팝업창으로 띄워서 보기 위해 팝업창으로 사용할 페이지를 php로 만들고 이미지를 window.open 이나 modeless 를 사용하여 파일상태를 전송하여 ...
 
사실상 어느곳에 물어봐야 할지 몰라서 ...
확실히는 제가 잘못사용하고 있었다는 것이 드러난 셈인데요... 서버셋팅의 문제입니다만...
php의 전송방식중에 하나를 사용하고 있다는 생각은 들지만 그것이 전송과정에 자바스크립이 끼어 있어서 그런건지 어쩐건지 잘 몰라서요 이렇게 무례하게 질문 드립니다.

n@ie의
files.php의 이미지 표시 구문인

<a href='$loc/$dirs[$k]' target=_self><img src='$loc/$dirs[$k]' border=0 align=absmiddle name=img$i></a>

이녀석을... pops.php라는 페이지를 만들어 놓고

<img src='$loc/$dirs[$k]' GALLERYIMG='no' border=0 align=absmiddle name=img$i onclick=window.open('pops.php?imagefile=$loc/$dirs[$k]&p_title=$dirs[$k]&p_width=$size[0]&p_height=$size[1]&p_bytes=$bytes','pops','width=$size[0],height=$size[1],top=100,left=300,channelmode=0,fullscreen=0') style=cursor:hand>

이런식이나

<img src='$loc/$dirs[$k]' GALLERYIMG='no' border=0 align=absmiddle name=img$i onclick=showModelessDialog('pops.php?imagefile=$loc/$dirs[$k]&p_title=$dirs[$k]&p_width=$size[0]&p_height=$size[1]&p_bytes=$bytes','pops','dialogwidth:$size[0]px;dialogheight:$size[1]px;help:no;status:no;resizable:no;scrolling:no') style=cursor:hand>

이런식으로 전송하여 이미지를 팝업하여, 지금까지는 문제없이 잘 사용하고 있었는데요... 이번에 아파치를 업그레이드 하면서 새로 업데이트한 부분중에
mod_security 방화벽 모듈이 장착되었는데...  ㅡㅡ? 아무래도 이녀석이 방해를 하고 있는것 같습니다. 이녀석을 모듈장착하지 않으면 팝업창은 문제없이 사용할 수 있지만 이녀석을 불러들이면 여지없이 팝업창브라우저에서 이미지 로딩을 거부합니다.

제가 위의 이미지 팝업부분을 잘 못 사용해서 그런건지 알고 싶습니다. 참고로 mod_security 모듈 부분의 내용도 첨부합니다. 어느 부분에서 막고 있는지 알려주신다면... 정말 감사하겠습니다.

아래는 내린 모듈의 내용입니다.


######################################
# RWAPM 1.0.11
# http://www.neosky.info
# 웹서버 방화벽 mod_security 파일입니다.
######################################
SecFilterEngine On
SecFilterCheckURLEncoding On
SecAuditEngine Off
SecAuditLog logs/audit.log

SecFilterScanPOST Off
SecFilterDefaultAction "deny,log,status:406"

# 아래에 나열된 METHOD외의 접근을 막음.
SecFilterSelective REQUEST_METHOD "!(GET|POST|HEAD|OPTIONS)" deny,nolog,status:406

# 특정 헤더의 접근을 막음.
SecFilterSelective HTTP_HEADER "Translate:" deny,nolog,status:406
SecFilterSelective HTTP_HEADER "If:" deny,nolog,status:406
SecFilterSelective HTTP_HEADER "Lock-Token:" deny,nolog,status:406
SecFilterSelective HTTP_HEADER "DAV:" deny,nolog,status:406
SecFilterSelective HTTP_HEADER "Depth:" deny,nolog,status:406
SecFilterSelective HTTP_HEADER "Destination:" deny,nolog,status:406
SecFilterSelective HTTP_HEADER "Label:" deny,nolog,status:406
SecFilterSelective HTTP_HEADER "Overwrite:" deny,nolog,status:406
SecFilterSelective HTTP_HEADER "TimeOut:" deny,nolog,status:406
SecFilterSelective HTTP_HEADER "TimeType:" deny,nolog,status:406
SecFilterSelective HTTP_HEADER "DAVTimeOutVal:" deny,nolog,status:406
SecFilterSelective HTTP_HEADER "Other:" deny,nolog,status:406

# 특정 에이젼트의 접근을 차단함.
# 크래킹 차단.
SecFilterSelective HTTP_USER_AGENT "SmartDownload" deny,nolog,status:406
SecFilterSelective HTTP_USER_AGENT "Offline Explorer" deny,nolog,status:406
SecFilterSelective HTTP_USER_AGENT "Ninja" deny,nolog,status:406
SecFilterSelective HTTP_USER_AGENT "NetZIP" deny,nolog,status:406
SecFilterSelective HTTP_USER_AGENT "HTTrack" deny,nolog,status:406
SecFilterSelective HTTP_USER_AGENT "Googlebot-Image" deny,nolog,status:406
SecFilterSelective HTTP_USER_AGENT "Download" deny,nolog,status:406
SecFilterSelective HTTP_USER_AGENT "Downloader" deny,nolog,status:406
SecFilterSelective HTTP_USER_AGENT "BackDoorBot" deny,nolog,status:406
SecFilterSelective HTTP_USER_AGENT "ah-ha" deny,nolog,status:406
SecFilterSelective HTTP_USER_AGENT "Alexibot" deny,nolog,status:406
SecFilterSelective HTTP_USER_AGENT "Atomz" deny,nolog,status:406
SecFilterSelective HTTP_USER_AGENT "Microsoft-WebDAV-MiniRedir" deny,nolog,status:406
SecFilterSelective HTTP_USER_AGENT "Microsoft-WebDAV-MiniRedir/5.1.2600" deny,nolog,status:406
SecFilterSelective HTTP_USER_AGENT "Googlebot/2.1" deny,nolog,status:406
SecFilterSelective HTTP_USER_AGENT "PlantyNet_WebRobot_V1.9" deny,nolog,status:406
SecFilterSelective HTTP_USER_AGENT "LWP::" deny,nolog,status:406
SecFilterSelective HTTP_USER_AGENT "lwp-trivial" deny,nolog,status:406
SecFilterSelective HTTP_USER_AGENT "Mozilla/2.0" deny,nolog,status:406
SecFilterSelective HTTP_USER_AGENT "WebZIP" deny,nolog,status:406
SecFilterSelective HTTP_USER_AGENT "Teleport" deny,nolog,status:406
SecFilterSelective HTTP_USER_AGENT "GetRight" deny,nolog,status:406
SecFilterSelective HTTP_USER_AGENT "FlashGet" deny,nolog,status:406
SecFilterSelective HTTP_USER_AGENT "JetCar" deny,nolog,status:406
SecFilterSelective HTTP_USER_AGENT "Go!Zilla" deny,nolog,status:406
SecFilterSelective HTTP_USER_AGENT "NamoWebEditor" deny,nolog,status:406
SecFilterSelective HTTP_USER_AGENT "Namo" deny,nolog,status:406
SecFilterSelective HTTP_USER_AGENT "MSFrontPage" deny,nolog,status:406
SecFilterSelective HTTP_USER_AGENT "WebTrack-HTTPP" deny,nolog,status:406
SecFilterSelective HTTP_USER_AGENT "WebSymmetrix" deny,nolog,status:406
SecFilterSelective HTTP_USER_AGENT "AD2000" deny,nolog,status:406
SecFilterSelective HTTP_USER_AGENT "WebSpy" deny,nolog,status:406
SecFilterSelective HTTP_USER_AGENT "WebStripper" deny,nolog,status:406
SecFilterSelective HTTP_USER_AGENT "WebSnatcher" deny,nolog,status:406
SecFilterSelective HTTP_USER_AGENT "WebGet" deny,nolog,status:406
SecFilterSelective HTTP_USER_AGENT "HSlide" deny,nolog,status:406
SecFilterSelective HTTP_USER_AGENT "WebCopier" deny,nolog,status:406
SecFilterSelective HTTP_USER_AGENT "Microsoft URL Control" deny,nolog,status:406
SecFilterSelective HTTP_USER_AGENT "Website eXtractor" deny,nolog,status:406
SecFilterSelective HTTP_USER_AGENT "Internet Ninja" deny,nolog,status:406
SecFilterSelective HTTP_USER_AGENT "fortuna" deny,nolog,status:406
SecFilterSelective HTTP_USER_AGENT "SuperHTTP" deny,nolog,status:406
SecFilterSelective HTTP_USER_AGENT "WISEbot/1.0" deny,nolog,status:406
SecFilterSelective HTTP_USER_AGENT "NaverBot-1.0" deny,nolog,status:406
SecFilterSelective HTTP_USER_AGENT "Talkro Web-Shot/1.0" deny,nolog,status:406
SecFilterSelective HTTP_USER_AGENT "Talkro" deny,nolog,status:406
SecFilterSelective HTTP_USER_AGENT "Web-Shot/1.0" deny,nolog,status:406
SecFilterSelective HTTP_USER_AGENT "Arachmo" deny,nolog,status:406
SecFilterSelective HTTP_USER_AGENT "WinHTTrack Website Copier" deny,nolog,status:406
SecFilterSelective HTTP_USER_AGENT "BlackWidow" deny,nolog,status:406
SecFilterSelective HTTP_USER_AGENT "SuperBot" deny,nolog,status:406
SecFilterSelective HTTP_USER_AGENT "MM3-WebAssistant" deny,nolog,status:406
SecFilterSelective HTTP_USER_AGENT "Website Extractor" deny,nolog,status:406
SecFilterSelective HTTP_USER_AGENT "Offline Explorer Pro" deny,nolog,status:406
SecFilterSelective HTTP_USER_AGENT "GetBot" deny,nolog,status:406
SecFilterSelective HTTP_USER_AGENT "SBWcc Website Capture" deny,nolog,status:406
SecFilterSelective HTTP_USER_AGENT "Leech" deny,nolog,status:406
SecFilterSelective HTTP_USER_AGENT "HTTP Weazel" deny,nolog,status:406
SecFilterSelective HTTP_USER_AGENT "WebGainer" deny,nolog,status:406
SecFilterSelective HTTP_USER_AGENT "Offline Explorer Enterprise" deny,nolog,status:406
SecFilterSelective HTTP_USER_AGENT "PageSucker" deny,nolog,status:406
SecFilterSelective HTTP_USER_AGENT "QuadSucker/Web" deny,nolog,status:406
SecFilterSelective HTTP_USER_AGENT "BackStreet Browser" deny,nolog,status:406
SecFilterSelective HTTP_USER_AGENT "Offline Navigator" deny,nolog,status:406
SecFilterSelective HTTP_USER_AGENT "Aaron's WebVacuum" deny,nolog,status:406
SecFilterSelective HTTP_USER_AGENT "JOC Web Spider" deny,nolog,status:406
SecFilterSelective HTTP_USER_AGENT "Grab-a-Site" deny,nolog,status:406
SecFilterSelective HTTP_USER_AGENT "PicScour" deny,nolog,status:406
SecFilterSelective HTTP_USER_AGENT "RafaBot" deny,nolog,status:406
SecFilterSelective HTTP_USER_AGENT "Cli-Mate" deny,nolog,status:406
SecFilterSelective HTTP_USER_AGENT "eNotebook" deny,nolog,status:406
SecFilterSelective HTTP_USER_AGENT "WebSlinky" deny,nolog,status:406
SecFilterSelective HTTP_USER_AGENT "Pictures Grabber" deny,nolog,status:406
SecFilterSelective HTTP_USER_AGENT "Web Dumper" deny,nolog,status:406
SecFilterSelective HTTP_USER_AGENT "WebCatcher" deny,nolog,status:406
SecFilterSelective HTTP_USER_AGENT "SurfOffline" deny,nolog,status:406
SecFilterSelective HTTP_USER_AGENT "NetGrabber" deny,nolog,status:406
SecFilterSelective HTTP_USER_AGENT "Power Siphon" deny,nolog,status:406
SecFilterSelective HTTP_USER_AGENT "Rip Clip" deny,nolog,status:406
SecFilterSelective HTTP_USER_AGENT "WebWhacker" deny,nolog,status:406
SecFilterSelective HTTP_USER_AGENT "Offline CHM" deny,nolog,status:406
SecFilterSelective HTTP_USER_AGENT "webpictureboss" deny,nolog,status:406
SecFilterSelective HTTP_USER_AGENT "Visual Web Task" deny,nolog,status:406
SecFilterSelective HTTP_USER_AGENT "Web Shutter" deny,nolog,status:406
SecFilterSelective HTTP_USER_AGENT "NavRoad" deny,nolog,status:406
SecFilterSelective HTTP_USER_AGENT "7 Download Services" deny,nolog,status:406
SecFilterSelective HTTP_USER_AGENT "WebCloner Standard" deny,nolog,status:406
SecFilterSelective HTTP_USER_AGENT "EZ Save MHT" deny,nolog,status:406
SecFilterSelective HTTP_USER_AGENT "Yahoo! Slurp" deny,nolog,status:406
SecFilterSelective "HTTP_USER_AGENT" "<.+>" deny,nolog,status:406

# robots.txt 접근금지
SecFilterSelective THE_REQUEST "robotsxx.txt" deny,nolog,status:406
SecFilterSelective THE_REQUEST "robots.txt" deny,nolog,status:406

# 보안설정
# 크래킹 차단.
SecFilterSelective THE_REQUEST "/htmlscript?../.."
SecFilterSelective THE_REQUEST "/view-source"
SecFilterSelective THE_REQUEST "///"
SecFilterSelective THE_REQUEST "??????????"
SecFilterSelective THE_REQUEST ".html/......"
SecFilterSelective THE_REQUEST "<script"
SecFilterSelective THE_REQUEST "/config.php"
SecFilterSelective THE_REQUEST "/db.inc.php"
SecFilterSelective THE_REQUEST "/include"

SecFilterSelective QUERY_STRING "../" chain
SecFilterSelective QUERY_STRING "http://"
SecFilterSelective QUERY_STRING "ftp://"

SecFilter "&cmd=chdirx20"
SecFilter "img src=javascript"
SecFilter "../"
SecFilter "/RWAPM/RTM20040531"
SecFilter "/RWAPM/RTM20040531/bin"
SecFilter "conf/httpd.conf"
SecFilter "../.."
SecFilter "../../"
SecFilter "/../../../../"
SecFilter "net localgroup administrators /add"
SecFilter "file://"
SecFilter "window.open("readme.eml""
SecFilter "document.domain("
SecFilter "javascript://"
SecFilter "<SCRIPT>"
SecFilter ".htpasswd"
SecFilter ".htaccess"
SecFilter "cd.."
SecFilter "/...."
SecFilter "GET x HTTP/1.0"
SecFilter "includedir="
SecFilter "http://"
SecFilter "whois://"
SecFilter "path=http://"
SecFilter "file=http://"
SecFilter "Server[path]=http"
SecFilter "<[[:space:]]*script"
SecFilter "<(.| )+>"

SecFilterForceByteRange 1 255

SecFilterSelective ARG_highlight %27

#허위정보를 보냄.
SecFilterSelective OUTPUT "Fatal error:"

# 웹서버 정보를 허위정보로 보냄, 위장함.
SecServerSignature "Korea WebServer/Enterprise(FreeBSD)"

관련자료

댓글 0
등록된 댓글이 없습니다.

공지사항


뉴스광장


  • 현재 회원수 :  60,376 명
  • 현재 강좌수 :  37,051 개
  • 현재 접속자 :  283 명