Application - Wordpress WAF Rules

Last updated: 200-12-29


Notes: Syntax highlight

modsecurity.vim


/wp-includes/**.php

SecRule REQUEST_FILENAME "^/wp-includes/.*\.php(?:/.*)*" \
  "id:100,phase:1,t:lowercase,t:normalizePath,t:trim,\
  deny,log,\
  rev:'1',tag:'wordpress',\
  msg:'WP: /wp-includes access attempt'"

Case

# still blocked when test.php exists and extra path is appended after the script name (the (?:/.*)* suffix covers this)

/wp-includes/test.php/test.txt

xmlrpc.php

SecRule REQUEST_FILENAME "^/xmlrpc\.php" \
  "id:101,phase:1,t:lowercase,t:normalizePath,t:trim,\
  deny,log,\
  rev:'1',tag:'wordpress',\
  msg:'WP: /xmlrpc.php access attempt'"

Notes

"@streq /xmlrpc.php" cannot be used here, because the file can also be reached with a path suffix, e.g. /xmlrpc.php/1234, which an exact string comparison would miss.

wp-json

SecRule REQUEST_URI "^/wp\-json/wp/v[0-9]+/users" \
  "id:102,phase:1,t:lowercase,t:normalizePath,t:trim,\
  deny,log,\
  rev:'1',tag:'wordpress',\
  msg:'WP: User enumeration'"

Case

/wp-json/wp/v2/users

wp-cron.php

SecRule REQUEST_URI "^/wp-cron\.php" \
  "id:103,phase:1,t:lowercase,t:normalizePath,t:trim,\
  deny,log,\
  rev:'1',tag:'wordpress',\
  msg:'WP: /wp-cron.php access attempt'"
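The following is an added example, not part of the original notes and not ModSecurity's own code: a small Python simulator of the four rules above. It applies the same transformation chain the rules declare (t:lowercase, t:normalizePath, t:trim, with normalizePath approximated by posixpath.normpath) and then runs each rule's regex against the right variable (REQUEST_FILENAME is the path only, REQUEST_URI keeps the query string). It covers the /wp-includes Case, the xmlrpc.php Notes about why @streq is insufficient, and the wp-json and wp-cron rules. The sample request paths are constructed for the demonstration.

```python
import posixpath
import re

# (id, variable, regex, msg) copied from the four rules on this page.
RULES = [
    (100, "REQUEST_FILENAME", r"^/wp-includes/.*\.php(?:/.*)*", "WP: /wp-includes access attempt"),
    (101, "REQUEST_FILENAME", r"^/xmlrpc\.php", "WP: /xmlrpc.php access attempt"),
    (102, "REQUEST_URI", r"^/wp\-json/wp/v[0-9]+/users", "WP: User enumeration"),
    (103, "REQUEST_URI", r"^/wp-cron\.php", "WP: /wp-cron.php access attempt"),
]


def transform(value: str) -> str:
    """Approximate the rule's transformation chain in the order it is listed:
    t:lowercase, t:normalizePath, t:trim.  normalizePath (squeeze '//', resolve
    '.' and '..') is approximated with posixpath.normpath; this is an assumption
    of the example, not ModSecurity's implementation."""
    value = value.lower()                                   # t:lowercase
    if value:                                               # t:normalizePath
        normalized = posixpath.normpath(value)
        if value.endswith("/") and not normalized.endswith("/"):
            normalized += "/"                               # normpath drops a trailing slash; keep it
        value = normalized
    return value.strip()                                    # t:trim


def request_variables(request_uri: str) -> dict:
    """REQUEST_URI keeps the query string; REQUEST_FILENAME is the path only."""
    path, _, _query = request_uri.partition("?")
    return {"REQUEST_URI": request_uri, "REQUEST_FILENAME": path}


def evaluate(request_uri: str) -> list:
    """Return the ids of the rules that would deny this request, in rule order."""
    variables = request_variables(request_uri)
    return [
        rule_id
        for rule_id, variable, pattern, _msg in RULES
        if re.search(pattern, transform(variables[variable]))
    ]


def streq_xmlrpc(request_uri: str) -> bool:
    """The rejected '@streq /xmlrpc.php' variant from the notes: exact match only."""
    return transform(request_variables(request_uri)["REQUEST_FILENAME"]) == "/xmlrpc.php"


if __name__ == "__main__":
    # Constructed sample requests: the page's own cases plus a few variants.
    samples = [
        "/wp-includes/test.php/test.txt",        # page Case: rule 100 fires
        "/WP-INCLUDES//./test.PHP",              # case folding + path normalisation: rule 100
        "/wp-includes/js/jquery.js",             # legitimate asset: no rule fires
        "/xmlrpc.php/1234",                      # page Notes: @rx fires, @streq would not
        "/wp-json/wp/v2/users?per_page=100",     # page Case: rule 102 fires
        "/wp-cron.php?doing_wp_cron=1",          # rule 103 fires
        "/?rest_route=/wp/v2/users",             # same REST endpoint via query string: not covered
    ]
    for uri in samples:
        print(f"{uri:40s} -> rules {evaluate(uri)}  streq_xmlrpc={streq_xmlrpc(uri)}")
```

One caveat the last sample shows: WordPress also serves REST routes through the rest_route query parameter (`/?rest_route=/wp/v2/users`), and rule 102 as written only looks at the `/wp-json/...` path form, so a companion rule on ARGS:rest_route is needed if user enumeration is to be blocked on both entry points.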