Apache2 błąd 404 po aktualiacji debiana z 8 na 9


(czeper) #1

Mam dziwny problem, strona działała bez zarzutu, aż tu nagle tak po prostu:

Not Found

The requested URL /login was not found on this server.

w logach apacha mam taki wpis:

[Sat Jul 01 22:28:08.409154 2017] [:error] [pid 8092] [client 127.0.0.1:45624] [client 127.0.0.1] ModSecurity: Warning. Pattern match “(?i)([\\s\”’`;\\/0-9\\=\\x0B\\x09\\x0C\\x3B\\x2C\\x28\\x3B]+on\\w+[\\s\\x0B\\x09\\x0C\\x3B\\x2C\\x28\\x3B]*?=)" at REQUEST_COOKIES:laravel_session. [file “/usr/share/modsecurity-crs/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf”] [line “125”] [id “941120”] [rev “2”] [msg “XSS Filter - Category 2: Event Handler Vector”] [data “Matched Data: 9ONVJNNVFwdTZCVThZanZMUnc9PSIsInZhbHVlIjoibHNVVXhITTJoTWkwUVNCY2tFZ0twY1JRMFhcLzA3WmgxXC9Zc0FFYnR2dU5lZzVqcTRUXC9ZZFhZUXRaOHgwQ3QyaWxGbFU3azVqbHVMcUtaZE5TU2hibWc9PSIsIm1hYyI6ImIwYzc1ZjM4ZjhmZDNjNTlhYzM2Nzk4MWJkMDdmNWU5YzZjMzhmYjlhYWQyMWFiOTRjNzI4OTJkYzQxMDk3Y2MifQ= found within REQUEST_COOKIES:laravel_session: eyJpdiI6ImNUQk9ONVJNNVFwdTZCVThZanZMUnc9PSIsInZhbHVlIjoibHNVVXhITTJoTWkwUVNCY2tFZ0twY1JRMFhcLzA3WmgxXC9Zc0FFYnR2dU5lZzVqcTRUXC9ZZFhZUXRaOHgwQ3QyaWxGbFU3azVqbHVMcUtaZE5TU2hibWc9PSIsIm1…”] [severity “CRITICAL”] [ver “OWASP_CRS/3.0.0”] [maturity “4”] [accuracy “8”] [tag “application-multi”] [tag “language-multi”] [tag “platform-multi”] [tag "at [hostname “da.pl”] [uri “/favicon.ico”] [unique_id “WVgF2MCoAAoAAB@c@6QAAAAA”], referer:
[Sat Jul 01 22:28:08.414794 2017] [:error] [pid 8092] [client 127.0.0.1:45624] [client 127.0.0.1] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file “/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf”] [line “57”] [id “949110”] [msg “Inbound Anomaly Score Exceeded (Total Score: 5)”] [severity “CRITICAL”] [tag “application-multi”] [tag “language-multi”] [tag “platform-multi”] [tag “attack-generic”] [hostname “local.pl”] [uri “/favicon.ico”] [unique_id “WVgF2MCoAAoAAB@c@6QAAAAA”], referer:

to zaczęło się dziać po aktualizacji z debiana 8 na 9. Nie od razu wystąpił ten problem. Korzystałem z paginacji datable, przy którejś stronie pojawil sie ten bład i od tamtej pory nic nie działa. Framework laravel 5, php 5.6, apache:
Server version: Apache/2.4.25 (Debian)
Server built: 2017-06-20T19:29:11


(Fizyda) #2

Na początek wyłącz modsecurity.