http://www.aqtronix.com/?PageID=164
http://www.softore.co.kr/index.php?document_srl=1671&mid=SoftoreBlog
http://blog.naver.com/PostView.nhn?blogId=noorol&logNo=220888811013&parentCategoryNo=&categoryNo=55&viewDate=&isShowPopularPosts=false&from=postView
Admin : 해제
Web Applications : 설정
- Allow File Uploads
- Allow Unicode
- Allow Asp
- Allow JSON
로그를 통한 추가사항 해결
BLOCKED: High bit characters (shellcode) not allowed in URL
URL Scanning -> Url High Bit Shellcode - > Disabled로 변경
BLOCKED: '/upload' not allowed in URL
URL Scanning -> Denied Url Sequences - > /upload 삭제
BLOCKED: accessing/running 'shadow' file
- 파일명에 shadow가 들어감
Requested File -> Denied Files -> Shadow 삭제
Requested File -> Filename Charactoers -> 파일명 체크에 + 삭제
\:/*?"<>|$^#+=;
->
\:/*?"<>|$^#=;
MONITORED: IP address (previous alert)
한번이라도 모니터링 된 아이피에 대해서 접속시 경고메시지
Incident Response Handling -> Response Monitor IP -> 체크해제
BLOCKED: QueryString is too long!
Querystring ->
길이조절을 하면 되겠지만 GET방식의 전송을 POST방식의 전송으로 변경해서 넘어감
BLOCKED: Parameter name not valid in querystring 'columns[0][data],columns[0][name],columns[0][searchable],columns[0][orderable],columns[0][search][value],columns[0][search][regex],columns[1][data],columns[1][name],columns[1][searchable],columns[1][orderable],columns[1][search][value],columns[1][search][regex],columns[2][data],columns[2][name],columns[2][searchable],columns[2][orderable],columns[2][search][value],columns[2][search][regex],columns[3][data],columns[3][name],columns[3][searchable],columns[3][orderable],columns[3][search][value],columns[3][search][regex],columns[4][data],columns[4][name],columns[4][searchable],columns[4][orderable],columns[4][search][value],columns[4][search][regex],search[value],search[regex]'
BLOCKED: Parameter name not valid in data
제거
PostData Parameter Name Require Regular Expression - > disabled
application/x-www-form-urlencoded; charset=utf-8 ;
BLOCKED: Encoding exploit in data 'ASP URL encoding issue' ;
Encoding exploit -> Encoding Regular Expressions -> Encoding exploit 제거
ASP URL encoding issue : %!(([uU]\h\h)?\h\h)
BLOCKED: Encoding exploit in data (invalid UTF-8) ;
Encoding exploit -> Detect Invalid UTF-8 체크 해제
BLOCKED: Possible SQL injection in data (',`,;,--,/*,1<1,1>1,||,&&) ;
BLOCKED: 'XSS style' regex not allowed in data ;
Post -> Denied Post Regular Expressions -> XSS style제거
추가로 href,src
BLOCKED: 'src' regex not allowed in data ;
카카오톡에서 접속시
User Agent not RFC compliant
BLOCKED: 'Error Page' information disclosure
'잡동 > 개발환경(개발툴)' 카테고리의 다른 글
CORDOVA + VUE + FRAMEWORK7 (0) | 2018.06.08 |
---|---|
sourcetree (0) | 2018.02.06 |
HP Intelligent Provisioning 재설치 (0) | 2017.12.19 |
Fix error dev/kvm is not found (0) | 2017.12.12 |
Mac에서 Android build를 위한 세팅 (0) | 2017.12.12 |