误报提交入口

宝塔用户_glysll 发表于 2024-4-24 17:55
这个看一下

更新到最新版9.4.0 即可

误报阿里云CDN的IP，但是明明已经打开了CDN开关

/?s＝Open+The+Safe&type＝post

过滤规则        语义分析分析出SQL注入
传入值        s＝Open The Safe

kop5 发表于 2024-5-6 11:12
/?s＝Open+The+Safe&type＝post

过滤规则        语义分析分析出SQL注入

9.4.1 会进行修复。应该就是这两天更新

宝塔用户_eazfeu 发表于 2024-4-29 17:30
误报阿里云CDN的IP，但是明明已经打开了CDN开关

修复一下防火墙插件。已经处理完毕。

kop5 发表于 2024-5-6 11:12
/?s＝Open+The+Safe&type＝post

过滤规则        语义分析分析出SQL注入

已经修复了。你直接修复一下防火墙插件。需要修复到9.4.0

宝塔用户_eazfeu 发表于 2024-4-29 17:30
误报阿里云CDN的IP，但是明明已经打开了CDN开关

默认是一个小时更新一次。然后可以手动更新。
你可以先升级到9.4.0。今天下午刚刚上了这个同步的功能。

过滤规则        语义分析分析出SQL注入
传入值        s＝aimer open the door
风险值        aimer open the door

kop5 发表于 2024-5-12 19:10
过滤规则        语义分析分析出SQL注入
传入值        s＝aimer open the door
风险值        aimer open the door ...

好的。今天修复

kop5 发表于 2024-5-12 19:10
过滤规则        语义分析分析出SQL注入
传入值        s＝aimer open the door
风险值        aimer open the door ...

已经修复了。你直接修复一下防火墙插件即可。版本需要是9.4.2

宝塔技术-小强 发表于 2024-4-28 14:14
更新即可

更新后仍存在这个问题

POST /member/index.php?c=show&act=save HTTP/1.1
accept-language: zh-CN,zh;q=0.9
content-type: multipart/form-data; boundary=----WebKitFormBoundaryct6hF5eec1aFHQt6
content-length: 240487
cookie: 53gid2=10155072058999; visitor_type=old; 53gid0=10155072058019; 53gid1=10155072058019; 53uvid=1; onliner_zdfq72215539=0; SECKEY_ABVK=tECFRVVI97I1v8xMGlY3+ENSqOJ76N+ha0VlMg7cSi0%3D; BMAP_SECKEY=bi2ad2rLeQC-ueJcmsExIa_EcxSJtfG9umarC5ItdxfrnZ6YVaIdksSW1Ac_lwSDuexWnmD-zbvr0Xcrp4bXrrTdm8DCHRiDbzcrYIIlvwjnnDBKJVeIKBJLipLjsoCy7wSJs25711E5eLFG5aNeRSB70Os6raOoX6Fc_HAVnyvP906pE4uN8UFuBLrm0wZv; timein=1715567688; 53revisit=1709514886389; 53gid2=10155072058019; usertype=2; PHPSESSID=q89lsd2sq5ov99kc8qivaahe3; lasttime=1715559406; Hm_lvt_29f2b2c64f7f4d3fde6cc270e376d843=1715220937,1715241248,1715303433,1715563464; Hm_lvt_c763fc62b8ff216ab4c8e66bc802f9e8=1715220937,1715241248,1715303433,1715563464; 53kf_72215539_from_host=www.xxx.com; 53kf_72215539_keyword=https%3A%2F%2Fwww.xxxx.com%2Fadmin%2Findex.php%3Fm%3Dadmin_company%26status%3D%26rec%3D%26time%3D%26rating%3D%26visit%3D%26logindatestart%3D%26logindateend%3D%26regdatestart%3D%26regdateend%3D%26sdatestart%3D%26sdateend%3D%26areamin%3D%26areamax%3D%26perfect%3D%26type%3D1%26keyword%3D%25E5%258C%2597%25E4%25BA%25AC%25E4%25B8%25BD%25E6%2599%25AF%25E7%25BC%2598%25E5%258A%25A8%25E7%2589%25A9%25E5%258C%25BB%25E9%2599%25A2%26news_search%3D%25E6%2590%259C%25E7%25B4%25A2; uuid_53kf_72215539=3d0a85a01f1396374ba17128613445fc; kf_72215539_land_page_ok=1; 53kf_72215539_land_page=https%253A%252F%252Fwww.xxxx.com%252Fcompany%252Findex.php%253Fc%253Dshow%2526id%253D2731523; uid=2733420; shell=4c867a79a7e8f353b2423720e279d587; chat=93eca1; Hm_lpvt_c763fc62b8ff216ab4c8e66bc802f9e8=1715567614; Hm_lpvt_29f2b2c64f7f4d3fde6cc270e376d843=1715567614; wxpop=1; checkurl=https%3A%2F%2Fwww.xxxx.com%2Fmember%2Findex.php%3Fc%3Dshow%26act%3Daddshow; timein=1715567690
referer: https://www.xxxx.com/member/index.php?c=show&act=addshow
host: www.xxxx.com
accept-encoding: gzip, deflate, br
sec-fetch-dest: empty
origin: https://www.xxxx.com
sec-fetch-mode: cors
accept: */*
sec-fetch-site: same-origin
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36

------WebKitFormBoundaryct6hF5eec1aFHQt6
Content-Disposition: form-data; name="id"

WU_FILE_4
------WebKitFormBoundaryct6hF5eec1aFHQt6
Content-Disposition: form-data; name="name"

微信图片_20240315154756.jpg
------WebKitFormBoundaryct6hF5eec1aFHQt6
Content-Disposition: form-data; name="type"

image/jpeg
------WebKitFormBoundaryct6hF5eec1aFHQt6
Content-Disposition: form-data; name="lastModifiedDate"

Mon May 13 2024 10:34:10 GMT+0800 (中国标准时间)
------WebKitFormBoundaryct6hF5eec1aFHQt6
Content-Disposition: form-data; name="size"

239707
------WebKitFormBoundaryct6hF5eec1aFHQt6
Content-Disposition: form-data; name="file"; filename="微信图片_20240315154756.jpg"
Content-Type: image/jpeg

误报了
上传Word文档

url关键词拦截中并没有相关的单词

使用了阿里云全站加速服务，部分用户访问会被拦截