ITPub Blog


Cannot Access Pls Pages: 'mod_security: Access denied with code 400'

Original post · Database Development Technology · Author: zhulch · Posted: 2007-10-11 19:17:28

Solved this for a friend.

Oracle EBS11I


Symptoms:
- Forms cannot be opened from IE, but CGI pages can.

- The Apache error log shows:

[Thu Oct 11 18:02:29 2007] [error] [client 10.4.105.73] mod_security: Access denied with code 400. Pattern match "!^/pls/[-a-z0-9_]+/!?[a-z](([a-z0-9_$#]){0,29})(.[a-z](([a-z0-9_$#]){0,29})){0,2}(?.*){0,1}$" at REQUEST_URI. [hostname "misp4.bj.cmcc"] [uri "/pls/BJNPRD/fnd_icx_launch.launch?resp_app=SYSADMIN&resp_key=SYSTEM_ADMINISTRATOR&secgrp_k


Resolution (from the Oracle support note):


Applies to:
Oracle Applications Technology Stack - Version: 11.5.10
This problem can occur on any platform.

Symptoms
After applying the security update patches for April 2006, accessing the pls HTML DB pages (http://<host>:<port>/pls/htmldb) produces the following error:

ERROR
[Mon Jul 24 11:05:42 2006] [error] [client 11.22.33.44] mod_security: Access denied with code 400. Pattern match "!^/pls/[-a-z0-9_]+/[a-z](([a-z0-9_$#]){0,29})(.[a-z](([a-z0-9_$#]){0,29})){0,2}(?.*){0,1}$" at REQUEST_URI. [hostname "paydev02.ppa.mod.uk"] [uri "/pls/htmldb"] [unique_id RMSbdgoCACwALJCqGjw]


Changes
Applied the security update patches for April 2006, which deliver version 115.7 of the template security_ux_ias1022.conf.

Cause
The example rules in security.conf need to be customized for partial URLs that are not fully formed and therefore rely on a default page (specified on the server side). htmldb is an example of a product that relies on such URLs.

#

## Allow requests for path alias requests
# SecFilterSelective "REQUEST_URI" ^/pls/[-a-z0-9_]+/fndgfm/fnd_gfm.get/ "allow,nolog"
# SecFilterSelective "REQUEST_URI" ^/pls/[-a-z0-9_]+/fndgfm/fnd_help.get/ "allow,nolog"

## Make sure the package name contains only a schema-valid subset of 7-bit
## ascii, max 3 elements, each <= 30 characters, starting with a letter
#SecFilterSelective "REQUEST_URI" !^/pls/[-a-z0-9_]+/[a-z](([a-z0-9_$#]){0,29})(\.[a-z](([a-z0-9_$#]){0,29})){0,2}(\?.*){0,1}$

## Make sure the parameter names contain only a valid subset of 7-bit ascii
#SecFilterSelective "ARGS_NAMES" !^[a-z]([a-z0-9_]){0,29}$

#

Solution
When possible, upgrade to Patch 5107107 TXK (FND & ADX) AUTOCONFIG ROLLUP PATCH N (AUGUST 2006) or higher. This patch delivers version 115.12 of the template security_ux_ias1022.conf, which includes the missing line.

A temporary work-around until a newer version of the template can be implemented is the following:

Navigate to $AD_TOP/admin/template
Back up the current security_ux_ias1022.conf to security_ux_ias1022.conf.org
Open security_ux_ias1022.conf in a text editor
Add the "Allow for partial urls" rule (rendered in bold in the original note) so the block reads as follows:

## Allow requests for path alias requests
SecFilterSelective "REQUEST_URI" ^/pls/[-a-z0-9_]+/fndgfm/fnd_gfm.get/ "allow,nolog"
SecFilterSelective "REQUEST_URI" ^/pls/[-a-z0-9_]+/fndgfm/fnd_help.get/ "allow,nolog"

## Allow for partial urls for default pages. i.e. /pls/sid or /pls/sid/
SecFilterSelective "REQUEST_URI" ^/pls/[-a-z0-9_]+$ "allow,nolog"

## Make sure the package name contains only a schema-valid subset of 7-bit
## ascii, max 3 elements, each <= 30 characters, starting with a letter
SecFilterSelective "REQUEST_URI" !^/pls/[-a-z0-9_]+/[a-z](([a-z0-9_$#]){0,29})(\.[a-z](([a-z0-9_$#]){0,29})){0,2}(\?.*){0,1}$

## Make sure the parameter names contain only a valid subset of 7-bit ascii
SecFilterSelective "ARGS_NAMES" !^[a-z]([a-z0-9_]){0,29}$

Save the changes
Run Autoconfig
Verify that $IAS_ORACLE_HOME/Apache/Apache/conf/security.conf now includes the new line
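The Cause and Solution sections above come down to rule ordering in a mod_security 1.x SecFilterSelective chain: a bare "/pls/htmldb" never reaches a trailing "/package" element, so the negated package-name filter fires and the default action (deny, status 400) applies; the added "allow,nolog" line admits that form before the check runs. The following added example (not Oracle's template and not mod_security itself) is a small simulator of that chain so a template change can be tried against sample URIs before running AutoConfig. It assumes top-down evaluation, that a matching "allow" stops processing, that a fired filter without an action falls to deny, and that patterns are matched case-insensitively (the template's lowercase classes against schema names such as BJNPRD in the log above would otherwise never match; the CASELESS flag lets you test the other way). The page's copies of the patterns lost their backslashes in rendering, so the escaped forms "\." and "\?" are used here, which is an assumption about the original file.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Assumption: mod_security 1.x compiled filter patterns case-insensitively.
CASELESS = True

# Package-name check from the template (rule 3), with the escaped "\." and
# "\?" that the page's rendering dropped (assumption about the original file).
PACKAGE_NAME = (
    r"^/pls/[-a-z0-9_]+/[a-z](([a-z0-9_$#]){0,29})"
    r"(\.[a-z](([a-z0-9_$#]){0,29})){0,2}(\?.*){0,1}$"
)

# Each rule: (variable, negated, pattern, action). action None means the
# default action applies, which on this stack is deny with status 400.
BASE_RULES = [
    ("REQUEST_URI", False, r"^/pls/[-a-z0-9_]+/fndgfm/fnd_gfm\.get/", "allow"),
    ("REQUEST_URI", False, r"^/pls/[-a-z0-9_]+/fndgfm/fnd_help\.get/", "allow"),
    ("REQUEST_URI", True, PACKAGE_NAME, None),
    ("ARGS_NAMES", True, r"^[a-z]([a-z0-9_]){0,29}$", None),
]

# The line template 115.12 adds: admit a bare "/pls/<sid>" before the
# package-name check gets a chance to reject it.
PARTIAL_URL = ("REQUEST_URI", False, r"^/pls/[-a-z0-9_]+$", "allow")
FIXED_RULES = BASE_RULES[:2] + [PARTIAL_URL] + BASE_RULES[2:]


def request_variables(request_uri):
    """Derive the two variables the rules inspect from a raw request URI."""
    query = urlsplit(request_uri).query
    names = [name for name, _ in parse_qsl(query, keep_blank_values=True)]
    return {"REQUEST_URI": [request_uri], "ARGS_NAMES": names}


def evaluate(rules, request_uri):
    """Walk the chain top-down; return ("allow" | "deny", reason)."""
    variables = request_variables(request_uri)
    flags = re.IGNORECASE if CASELESS else 0
    for variable, negated, pattern, action in rules:
        regex = re.compile(pattern, flags)
        for value in variables[variable]:
            matched = regex.search(value) is not None
            # A "!" filter fires when the pattern does NOT match.
            if matched != negated:
                if action == "allow":
                    return "allow", f"{variable} allow-listed by {pattern}"
                return "deny", f"{variable}={value!r} rejected by {pattern}"
    return "allow", "no filter fired"


def compare(request_uri):
    """Verdict under the 115.7 chain and under the fixed chain, side by side."""
    return evaluate(BASE_RULES, request_uri)[0], evaluate(FIXED_RULES, request_uri)[0]


if __name__ == "__main__":
    # Constructed sample URIs; the first two are taken from the error logs above.
    samples = [
        "/pls/htmldb",
        "/pls/BJNPRD/fnd_icx_launch.launch?resp_app=SYSADMIN&resp_key=SYSTEM_ADMINISTRATOR",
        "/pls/htmldb/",
        "/pls/htmldb/f?p=100",
        "/pls/htmldb/f?p=1&9x=2",
        "/pls/htmldb/" + "a" * 31,
    ]
    for uri in samples:
        before, after = compare(uri)
        print(f"{before:5} -> {after:5}  {uri}")
```

Two things the harness makes visible that the note's prose does not: the added line as printed admits "/pls/htmldb" but not "/pls/htmldb/", even though its comment mentions both forms, so check which one your users actually request before relying on it; and the package-name and parameter-name checks still reject a hyphenated package, an element longer than 30 characters, and a parameter name that does not start with a letter, so the fix does not weaken those controls.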

Alternative approach (Apache)
Edit the file /etc/httpd/modsecurity.d/modsecurity_crs_21_protocol_anomalies.conf

Comment out this line (i.e. put a "#" in front of it):
SecRule REQUEST_HEADERS:Host "^[\d.]+$" "deny,log,auditlog,status:400,msg:'Host header is a numeric IP address',severity:'2',id:'960017'"



Then restart the httpd service.
This approach probably still leaves a security hole, though.



From "ITPUB Blog", link: http://blog.itpub.net/7318139/viewspace-975999/. Please credit the source when reposting; otherwise legal action may be pursued.
