efenian / phpipamsdk

A PhpIpam Python REST API Client
GNU General Public License v3.0

GET needs empty payload #2

Closed jjhunt closed 5 years ago

jjhunt commented 5 years ago

I found I needed to adjust the payload to None for GET requests, otherwise a 403 error would be generated by cpanel. Changes that worked for me and the errors I saw are shown below:

# diff phpipam.py.new phpipam.py.org
55c55
<     def api_send_request(self, path='', method='', auth='', payload=None):
---
>     def api_send_request(self, path='', method='', auth='', payload=''):
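Review bot: the default should indeed move from `''` to `None`, and it is worth a docstring line saying that `payload` must stay `None` for GET/HEAD. Note that this diff was produced with the new file first (`diff phpipam.py.new phpipam.py.org`), so the `<` line is the proposed change and the `>` line is the current code. With the old default, `json.dumps('')` serialises to the two-byte body `""`, which matches the Content-Length of 2 that ModSecurity rule 920170 reports below in its `[data "2"]` field.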
63c63
<                 json=payload,
---
>                 data=json.dumps(payload),
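Review bot: switching to `json=payload` changes more than the body: `requests` will now also add `Content-Type: application/json` on requests that carry a payload, and it sends no body at all when `payload` is `None`, which is what keeps GET free of a Content-Length header. Two follow-ups: check whether `json` is still imported for another use in phpipam.py, since `json.dumps` was the only caller in this line and the import may now be dead; and consider rejecting a non-`None` payload when `method` is GET or HEAD, because a caller passing `{}` would again produce a two-byte body (`{}`) and trip the same rule.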
[Tue Mar 19 15:43:02.334946 2019] [:error] [pid 11660] [client 129.82.x.xxx:50066] [client 129.82.x.xxx] ModSecurity: Warning. Match of "rx ^0?$" against "REQUEST_HEADERS:Content-Length" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "143"] [id "920170"] [rev "1"] [msg "GET or HEAD Request with Body Content."] [data "2"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [tag "CAPEC-272"] [hostname "xxxx.colostate.edu"] [uri "/api/zabbix/sections/"] [unique_id "XJFiZrNdn0swQ@FxgCZUggAAAAE"]
[Tue Mar 19 15:43:02.335310 2019] [:error] [pid 11660] [client 129.82.x.xxx:50066] [client 129.82.x.xxx] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "xxx.colostate.edu"] [uri "/api/zabbix/sections/"] [unique_id "XJFiZrNdn0swQ@FxgCZUggAAAAE"]
[Tue Mar 19 15:43:02.395194 2019] [:error] [pid 11660] [client 129.82.x.xxx:50066] [client 129.82.x.xxx] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): GET or HEAD Request with Body Content."] [tag "event-correlation"] [hostname "xxxx.colostate.edu"] [uri "/index.php"] [unique_id "XJFiZrNdn0swQ@FxgCZUggAAAAE"]
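As an added example (not code from this issue or from the phpipamsdk project), here is a small parser for ModSecurity error-log lines like the ones above; it groups events by transaction, reports whether the request was blocked, and pulls out the Content-Length that rule 920170 recorded, so a defender can confirm the 403 came from a GET with a body rather than from a real attack. The two sample lines are constructed from the ones quoted in this thread, with the client address and hostname replaced by placeholders.

```python
import re
from typing import Dict

# Constructed sample lines modelled on the ModSecurity errors quoted in this issue.
# The client address and hostname are placeholders, not the values from the report.
SAMPLE_LOG = """\
[Tue Mar 19 15:43:02.334946 2019] [:error] [pid 11660] [client 192.0.2.10:50066] [client 192.0.2.10] ModSecurity: Warning. Match of "rx ^0?$" against "REQUEST_HEADERS:Content-Length" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "143"] [id "920170"] [rev "1"] [msg "GET or HEAD Request with Body Content."] [data "2"] [severity "CRITICAL"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "ipam.example.test"] [uri "/api/zabbix/sections/"] [unique_id "XJFiZrNdn0swQ@FxgCZUggAAAAE"]
[Tue Mar 19 15:43:02.335310 2019] [:error] [pid 11660] [client 192.0.2.10:50066] [client 192.0.2.10] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "attack-generic"] [hostname "ipam.example.test"] [uri "/api/zabbix/sections/"] [unique_id "XJFiZrNdn0swQ@FxgCZUggAAAAE"]
"""

# Matches the [key "value"] fields ModSecurity appends to each line; the
# unquoted prefix fields such as [pid 11660] and [client ...] are deliberately skipped.
FIELD_RE = re.compile(r'\[(\w+) "((?:[^"\\]|\\.)*)"\]')


def parse_modsec_line(line: str) -> Dict[str, object]:
    """Return the bracketed fields of one line as a dict. Repeated 'tag' fields are
    collected in a list; the free text after 'ModSecurity:' is kept as 'message'."""
    fields: Dict[str, object] = {"tags": []}
    for key, value in FIELD_RE.findall(line):
        if key == "tag":
            fields["tags"].append(value)
        else:
            fields[key] = value
    head = line.split("ModSecurity:", 1)
    fields["message"] = head[1].split(" [", 1)[0].strip() if len(head) == 2 else ""
    return fields


def triage(log_text: str) -> Dict[str, Dict[str, object]]:
    """Group events by unique_id and summarise each transaction: rule ids that fired,
    whether it was blocked (and with which status), and the Content-Length value that
    rule 920170 (GET/HEAD with body) recorded in its [data] field."""
    txns: Dict[str, Dict[str, object]] = {}
    for line in log_text.splitlines():
        if "ModSecurity:" not in line:
            continue
        ev = parse_modsec_line(line)
        t = txns.setdefault(str(ev.get("unique_id", "?")), {
            "uri": ev.get("uri"), "rules": [], "blocked": False,
            "status": None, "get_body_len": None})
        t["rules"].append(ev.get("id"))
        if str(ev["message"]).startswith("Access denied"):
            t["blocked"] = True
            m = re.search(r"code (\d+)", str(ev["message"]))
            t["status"] = int(m.group(1)) if m else None
        if ev.get("id") == "920170":
            # 920170's [data] is the Content-Length the rule examined (2 == the body "").
            t["get_body_len"] = int(str(ev.get("data", "0")))
    return txns
```

A `get_body_len` of 2 on a GET is the signature of a client serialising an empty string as `""`; the fix belongs in the client, not in the WAF rule set.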
efenian commented 5 years ago

Thank you for your report. I didn't have problems with my simple apache setup, but I don't have the modsecurity apache module installed. I updated both branches.

jjhunt commented 5 years ago

Thanks for updating the branches and for developing this library. It is very helpful!!