Last updated: 200-12-29
Notes: Syntax highlight
/wp-includes/**.php
SecRule REQUEST_FILENAME "^/wp-includes/.*\.php(?:/.*)*" \
    "id:100,phase:1,t:lowercase,t:normalizePath,t:trim,\
    deny,log,\
    rev:'1',tag:'wordpress',\
    msg:'WP: /wp-includes access attempt'"
Case
# still blocked even when test.php actually exists
/wp-includes/test.php/test.txt
xmlrpc.php
SecRule REQUEST_FILENAME "^/xmlrpc\.php" \
    "id:101,phase:1,t:lowercase,t:normalizePath,t:trim,\
    deny,log,\
    rev:'1',tag:'wordpress',\
    msg:'WP: /xmlrpc.php access attempt'"
Notes
Cannot use "@streq /xmlrpc.php", because the request may come in as /xmlrpc.php/1234 (path info appended), which an exact string match would let through
wp-json
SecRule REQUEST_URI "^/wp\-json/wp/v[0-9]+/users" \
    "id:102,phase:1,t:lowercase,t:normalizePath,t:trim,\
    deny,log,\
    rev:'1',tag:'wordpress',\
    msg:'WP: User enumeration'"
Case
/wp-json/wp/v2/users
wp-cron.php
SecRule REQUEST_URI "^/wp-cron\.php" \
    "id:103,phase:1,t:lowercase,t:normalizePath,t:trim,\
    deny,log,\
    rev:'1',tag:'wordpress',\
    msg:'WP: /wp-cron.php access attempt'"
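Added example (not part of the original notes, not ModSecurity code): a small Python simulator that applies the same transformation chain (t:lowercase, t:normalizePath, t:trim) to a request and evaluates the four rules above, so the test cases in these notes (/wp-includes/test.php/test.txt, /xmlrpc.php/1234, /wp-json/wp/v2/users, wp-cron.php) can be checked offline before deploying. normalize_path is an approximation of t:normalizePath, the sample requests are constructed, and rule 103 uses the corrected msg text.

```python
import re

def normalize_path(path: str) -> str:
    """Approximation of ModSecurity t:normalizePath (assumption, not the real
    implementation): collapse repeated slashes, drop '.' segments, resolve '..'
    without climbing above the root, keep a trailing slash if there was one."""
    absolute = path.startswith("/")
    out = []
    for seg in path.split("/"):
        if seg in ("", "."):
            continue
        if seg == "..":
            if out:
                out.pop()
            continue
        out.append(seg)
    result = "/".join(out)
    if absolute:
        result = "/" + result
    if path.endswith("/") and not result.endswith("/"):
        result += "/"
    return result

def transform(value: str) -> str:
    """The chain every rule above uses, in the order listed: t:lowercase, t:normalizePath, t:trim."""
    return normalize_path(value.lower()).strip()

# (id, target variable, regex, msg) mirroring rules 100-103 from the notes
RULES = [
    (100, "REQUEST_FILENAME", re.compile(r"^/wp-includes/.*\.php(?:/.*)*"), "WP: /wp-includes access attempt"),
    (101, "REQUEST_FILENAME", re.compile(r"^/xmlrpc\.php"), "WP: /xmlrpc.php access attempt"),
    (102, "REQUEST_URI", re.compile(r"^/wp\-json/wp/v[0-9]+/users"), "WP: User enumeration"),
    (103, "REQUEST_URI", re.compile(r"^/wp-cron\.php"), "WP: /wp-cron.php access attempt"),
]

def variables(request_uri: str) -> dict:
    """REQUEST_URI keeps the query string; REQUEST_FILENAME is the path part only."""
    path = request_uri.split("?", 1)[0]
    return {"REQUEST_URI": transform(request_uri), "REQUEST_FILENAME": transform(path)}

def matching_rules(request_uri: str) -> list:
    """Ids of the phase-1 rules above that would deny this request (empty list = allowed)."""
    vars_ = variables(request_uri)
    return [rid for rid, target, rx, _msg in RULES if rx.search(vars_[target])]

def streq_xmlrpc(request_uri: str) -> bool:
    """What '@streq /xmlrpc.php' would do instead of rule 101: exact match, no prefix match."""
    return variables(request_uri)["REQUEST_FILENAME"] == "/xmlrpc.php"

# Constructed sample requests: one per rule, a mixed-case traversal variant that the
# transformations must normalise, and two benign requests that must stay allowed.
SAMPLE_REQUESTS = {
    "/wp-includes/test.php/test.txt": [100],
    "/WP-INCLUDES/../wp-includes/./load.php": [100],
    "/xmlrpc.php/1234": [101],
    "/wp-json/wp/v2/users?per_page=100": [102],
    "/wp-cron.php?doing_wp_cron=1": [103],
    "/wp-includes/css/dashicons.css": [],
    "/index.php": [],
}

if __name__ == "__main__":
    for uri, expected in SAMPLE_REQUESTS.items():
        got = matching_rules(uri)
        print(f"{uri:45} -> {got or 'allowed'}")
        assert got == expected, (uri, got, expected)
    # The reason the notes reject @streq: the path-info variant slips past an exact comparison.
    print("@streq /xmlrpc.php matches /xmlrpc.php/1234:", streq_xmlrpc("/xmlrpc.php/1234"))
```

Run it directly to see which rule id each sample request hits; the last line shows that the exact comparison returns False for /xmlrpc.php/1234 while rule 101's anchored regex still fires.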