
J4.x:Webserver-level mitigations for CVE-2023-23752

From Joomla! Documentation

Revision as of 17:28, 17 February 2023 by SniperSister


Errors reported

I want to mitigate the issue fixed in 4.2.8 (CVE-2023-23752) using webserver-level measures such as mod_security or mod_rewrite. How can I do that?

Versions affected

General Information

This pertains only to Joomla! version(s): 4.0.0 - 4.2.7

How to fix

mod_rewrite

Add the following rule to the .htaccess file in your website root:

# Reject (403) any request under api/ whose query string contains "public=".
# Requires RewriteEngine On, which Joomla's shipped .htaccess already sets.
RewriteCond %{QUERY_STRING} public=
RewriteRule api/?. - [F]

Kudos to Nicholas Dionysopoulos for providing this rule.

mod_security

# Chained rule: URL-decoded, lowercased URI under api/index.php/v1/ AND a GET parameter named exactly "public".
# No disruptive action is given, so the first rule inherits it from SecDefaultAction; add "deny" there if your default is "pass".
SecRule REQUEST_URI "api/index.php/v1/" "chain,id:002370,t:lowercase,t:urlDecodeUni"
SecRule ARGS_GET_NAMES "^public$"
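Either rule only stops requests from the moment it is deployed. As an added example that is not part of this documentation page, the following Python script applies the same two conditions as the chained SecRule (decoded, lowercased path under api/index.php/v1/ plus a GET parameter named public) to Apache access-log lines, so you can check whether the endpoint was already hit before the mitigation went in. The log lines, client addresses and the /v1/example path are constructed, not real traffic.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Constructed Apache "combined" log lines (not real traffic); the first three
# are the kind of request the rules above block, the last two are benign.
SAMPLE_LOG = """\
203.0.113.5 - - [17/Feb/2023:10:01:02 +0000] "GET /api/index.php/v1/example?public=true HTTP/1.1" 200 512 "-" "curl/7.81.0"
203.0.113.5 - - [17/Feb/2023:10:01:03 +0000] "GET /API/index.php/v1/example?PUBLIC=1 HTTP/1.1" 200 512 "-" "curl/7.81.0"
203.0.113.5 - - [17/Feb/2023:10:01:04 +0000] "GET /api/index.php/v1/example?%70ublic= HTTP/1.1" 200 512 "-" "curl/7.81.0"
198.51.100.7 - - [17/Feb/2023:10:02:00 +0000] "GET /api/index.php/v1/example HTTP/1.1" 401 120 "-" "Mozilla/5.0"
198.51.100.7 - - [17/Feb/2023:10:02:01 +0000] "GET /index.php?option=com_content&public=1 HTTP/1.1" 200 4096 "-" "Mozilla/5.0"
"""

# Enough of the combined format to pull out client, timestamp, request target and status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+)[^"]*" (?P<status>\d{3})'
)


def is_public_api_request(target: str) -> bool:
    """Apply the two conditions of the chained SecRule above to a request
    target: URL-decoded, lowercased path under api/index.php/v1/ and a GET
    parameter named exactly 'public' (any value, including an empty one)."""
    parts = urlsplit(target)
    if "api/index.php/v1/" not in unquote(parts.path).lower():
        return False
    # parse_qsl percent-decodes the parameter names; lowercase to match t:lowercase.
    names = {name.lower() for name, _ in parse_qsl(parts.query, keep_blank_values=True)}
    return "public" in names


def find_hits(log_text: str):
    """Return (ip, timestamp, target, status) for every log line that the
    webserver rules would have rejected."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if m and is_public_api_request(m["target"]):
            hits.append((m["ip"], m["ts"], m["target"], m["status"]))
    return hits


if __name__ == "__main__":
    for ip, ts, target, status in find_hits(SAMPLE_LOG):
        print(f"{ts} {ip} {status} {target}")
```

Run it against your real access log by passing the file contents to find_hits; a hit with a 200 status from before the rule was deployed is a request the application served rather than rejected.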