我正在尝试通过SOAP API(V2)读取Magento的产品列表,并尝试做一些/任何类型的分页.
简单场景:
var filters = new filters();
var products = catalogProductList(out pe, Connection.Session, filters, null);
这使Magento崩溃: "Allowed memory size of 1073741824 bytes exhausted (tried to allocate 72 bytes."
我试图通过在以下内容上指定两个复杂的过滤器来添加分页product_id:
filters.complex_filter = new complexFilter[]
{
new complexFilter()
{
key = "product_id",
value = new associativeEntity()
{
key = "gt",
value = "400"
}
},
new complexFilter()
{
key = "product_id",
value = new associativeEntity()
{
key = "lt",
value = "1000"
}
}
};
但是,在这种情况下,只应用第二个过滤器,忽略第一个过滤器.
我正在考虑阅读类别树,然后是分配的产品,但是有很多产品没有分配到任何类别或多个类别,所以我会错过它们或多次获取它们.
有没有办法使用某种类型的分页来阅读产品列表,所以我不会立即阅读完整列表?(注意:要求增加内存不是一个真正的选择)
我已经Azure Application Gateway + WAF在Azure WebApp上运行的ASP.Net Core应用程序的前面配置了一个。我OWASP 3.0在“预防”模式下并在其中设置了默认规则。
我的问题是,通过WAF的每个请求都以一种或另一种方式失败,并且某些默认规则集返回403 - Forbidden status。
通过WAF日志,我发现很少有规则失败。
已识别的SQL十六进制编码
{
"message": "Warning. Pattern match \"(?i:(?:\\\\A|[^\\\\d])0x[a-f\\\\d]{3,}[a-f\\\\d]*)+\" at REQUEST_COOKIES:ASP.Net_Auth.",
"data": "Matched Data: H0XAa4 found within REQUEST_COOKIES:AspNetCore.Auth: CfDJ8El_2vmJILFHjQYUCDWwttioV16BAlL12KiQnTLGZztGtA8P0xbo1MosAgmrkUk4IQ7pF5O4ZMJbmRHsHxYHq842rq_hr8FUyMhAMo_5mQ-C_5jBrkRWqUGrYHMa6fVIj4xtGOfku...",
}
检测到SQL注释序列
"message": "SQL Comment Sequence Detected.",
"details": {
"message": "Warning. Pattern match \"(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)\" at REQUEST_COOKIES:.AspNetCore.Identity.Application.",
"data": "Matched Data: --Z35d...- found within REQUEST_COOKIES:.AspNetCore.Identity.Application: CfDJ8El_2vmJILFHjQYUCDWwttihjUTpJneEVE1l-3UeTx...",
"file": "rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf",
"line": "1053"
}
超出PCRE限制
{
"requestUri": "/api/ping?_=240477821",
"message": "Execution error - PCRE limits exceeded (-8): (null)."
}
网址/ …
azure asp.net-core azure-application-gateway azure-web-app-firewall