comotion / security.vcl

protect your websites with varnish rules
GNU General Public License v2.0

503 Error - Being told I'm naughty #18

Open MatthewOgborne opened 11 years ago

MatthewOgborne commented 11 years ago

Hi,

Firstly amazing, this has stopped loads of issues I was having prior to moving to varnish!

However I have one small challenge, the following url is being rejected as naughty / 503 error by one of the rules, it's below:

http://domain.co.uk/wp-admin/admin-ajax.php?callback=po_onsuccess&action=popover_selective_ajax&thefrom=http%3A%2F%2Fdomain.co.uk%2F&thereferrer=&active_popover=0&_=1366202946452

Any suggestions on how I can stop this url from being rejected and allow it to be passed through?

Many thanks,

Matt

comotion commented 11 years ago

you can check out the log or GET that url and check out the headers to see what rule blocks it.

MatthewOgborne commented 11 years ago

Howdy,

Ah ha, so logging for a few moments (varnishlog > log_me.txt) found this:

23 VCL_Log      c security.vcl alert xid:847051761 HTTP/1.1 [sql-1][IP ADDRESS] 

So that's rule 1 on the sql.vcl, line 13:

if (req.url ~ "(?i).+SELECT.+FROM") {

So it must be seeing this:

popover_selective_ajax&thefrom=

As the threat.

What would be the syntax to change the line to add an AND not containing "selective", would it be something like this?

# "!~" is VCL's negated regex match; "!req.url ~ ..." would not compile
if (req.url ~ "(?i).+SELECT.+FROM" && req.url !~ "(?i).+SELECTIVE.+FROM") {

Matt

comotion commented 11 years ago

that rule isn't ideal, but your quick fix looks about right.
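The exchange above can be checked offline. The following is an added example, not code from security.vcl or from either participant: it runs the original `sql.vcl` rule, Matt's "exclude SELECTIVE" quick fix, and a tighter word-boundary variant (an assumption of this example, not something the thread proposes) against three constructed URLs. Python's `re` stands in for the PCRE engine Varnish uses; for these patterns the semantics are the same. The word-boundary variant matches on the percent-decoded URL, because `\b` does not fire between `%20` and `SELECT` in the raw form.

```python
import re
from urllib.parse import unquote

# Constructed sample: the admin-ajax URL from the issue, host dropped.
FALSE_POSITIVE_URL = (
    "/wp-admin/admin-ajax.php?callback=po_onsuccess&action=popover_selective_ajax"
    "&thefrom=http%3A%2F%2Fdomain.co.uk%2F&thereferrer=&active_popover=0&_=1366202946452"
)

# Constructed sample of the kind of request the rule is meant to stop.
INJECTION_URL = "/search.php?q=1%27%20UNION%20SELECT%20user,pass%20FROM%20users--"

# Constructed sample that contains both the word "selective" and a real
# SELECT ... FROM: shows what the quick-fix exclusion gives up.
MIXED_URL = "/index.php?mode=selective&id=1%27%20UNION%20SELECT%20a%20FROM%20b"

# Rule 1 of sql.vcl as quoted in the thread.
ORIGINAL_RULE = re.compile(r"(?i).+SELECT.+FROM")

# Matt's quick fix: don't alert when the URL also matches SELECTIVE ... FROM.
SELECTIVE_EXCLUSION = re.compile(r"(?i).+SELECTIVE.+FROM")

# Tighter alternative (assumption of this example): SELECT and FROM must be
# whole words, so "selective" and "thefrom" no longer satisfy the pattern.
WORD_BOUNDARY_RULE = re.compile(r"(?i)\bSELECT\b.+\bFROM\b")


def original_blocks(url: str) -> bool:
    """True if the rule quoted in the thread would fire on the raw req.url."""
    return ORIGINAL_RULE.search(url) is not None


def quick_fix_blocks(url: str) -> bool:
    """True if the original rule fires and the SELECTIVE exclusion does not."""
    return original_blocks(url) and SELECTIVE_EXCLUSION.search(url) is None


def word_boundary_blocks(url: str) -> bool:
    """True if the word-boundary rule fires on the percent-decoded URL."""
    return WORD_BOUNDARY_RULE.search(unquote(url)) is not None


def evaluate(url: str) -> dict:
    """Run all three variants on one URL; handy for a rule regression table."""
    return {
        "original": original_blocks(url),
        "quick_fix": quick_fix_blocks(url),
        "word_boundary": word_boundary_blocks(url),
    }


if __name__ == "__main__":
    for name, url in [("false positive", FALSE_POSITIVE_URL),
                      ("injection", INJECTION_URL),
                      ("mixed", MIXED_URL)]:
        print(f"{name:15s} {evaluate(url)}")
```

Run as a script it prints one line per sample. The false positive is blocked only by the original rule; the plain injection is blocked by all three; the mixed URL shows that the quick fix, while it cures the admin-ajax case, also stops alerting on any request that happens to carry "selective" somewhere before FROM, which is why a rule that anchors on whole words is the more durable fix.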