Wrongful "chain" action

The chain action on line 49 was causing rule 981064 to act as chained, which would make its disruptive actions illegal, and the two main rules useless...
1 parent 7c0f59e commit e2fbef4ce89fed0c4dd338002b9a090dd2f6491d @th3m1773n th3m1773n committed Mar 19, 2014
Showing with 1 addition and 1 deletion.
  1. +1 −1 optional_rules/modsecurity_crs_16_session_hijacking.conf
@@ -46,7 +46,7 @@ SecRule RESPONSE_HEADERS:/Set-Cookie2?/ "(?i:(j?sessionid|(php)?sessid|(asp|jser
SecRule &SESSION:SESSIONID "@eq 1" "chain,phase:5,id:'981063',nolog,pass,t:none"
SecRule REMOTE_ADDR "^(\d{1,3}\.\d{1,3}\.\d{1,3}\.)" "chain,nolog,capture,t:none"
- SecRule TX:1 ".*" "chain,t:sha1,t:hexEncode,setvar:session.ip_hash=%{matched_var}"
+ SecRule TX:1 ".*" "t:sha1,t:hexEncode,setvar:session.ip_hash=%{matched_var}"
SecRule &SESSION:SESSIONID "@eq 1" "chain,phase:5,id:'981064',nolog,pass,t:none"
SecRule REQUEST_HEADERS:User-Agent ".*" "t:none,t:sha1,t:hexEncode,nolog,setvar:session.ua_hash=%{matched_var}"
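Review bot: the corrected TX:1 line still lists only "t:sha1,t:hexEncode", with no leading t:none and no nolog, while the equivalent final rule of the 981064 chain uses "t:none,t:sha1,t:hexEncode,nolog". Since this line is being touched anyway, consider making it "t:none,t:sha1,t:hexEncode,nolog,setvar:session.ip_hash=%{matched_var}" so that session.ip_hash is computed the same way as session.ua_hash and the hash input does not depend on transformations inherited from the default action. Separately, a short comment above each chain stating that its last SecRule must not carry "chain" would help prevent this from recurring, because a trailing "chain" absorbs the next rule, here the one carrying id:'981064', phase:5 and pass.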