This repository has been archived by the owner on May 14, 2020. It is now read-only.

Wrongful "chain" action
The chain action on line 49 was causing rule 981064 to act as chained, which would make its disruptive actions illegal, and the two main rules useless...
th3m1773n committed Mar 19, 2014
1 parent 7c0f59e commit e2fbef4
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion optional_rules/modsecurity_crs_16_session_hijacking.conf
Expand Up @@ -46,7 +46,7 @@ SecRule RESPONSE_HEADERS:/Set-Cookie2?/ "(?i:(j?sessionid|(php)?sessid|(asp|jser


SecRule &SESSION:SESSIONID "@eq 1" "chain,phase:5,id:'981063',nolog,pass,t:none" SecRule &SESSION:SESSIONID "@eq 1" "chain,phase:5,id:'981063',nolog,pass,t:none"
SecRule REMOTE_ADDR "^(\d{1,3}\.\d{1,3}\.\d{1,3}\.)" "chain,nolog,capture,t:none" SecRule REMOTE_ADDR "^(\d{1,3}\.\d{1,3}\.\d{1,3}\.)" "chain,nolog,capture,t:none"
SecRule TX:1 ".*" "chain,t:sha1,t:hexEncode,setvar:session.ip_hash=%{matched_var}" SecRule TX:1 ".*" "t:sha1,t:hexEncode,setvar:session.ip_hash=%{matched_var}"


SecRule &SESSION:SESSIONID "@eq 1" "chain,phase:5,id:'981064',nolog,pass,t:none" SecRule &SESSION:SESSIONID "@eq 1" "chain,phase:5,id:'981064',nolog,pass,t:none"
SecRule REQUEST_HEADERS:User-Agent ".*" "t:none,t:sha1,t:hexEncode,nolog,setvar:session.ua_hash=%{matched_var}" SecRule REQUEST_HEADERS:User-Agent ".*" "t:none,t:sha1,t:hexEncode,nolog,setvar:session.ua_hash=%{matched_var}"
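
Review bot: On the TX:1 rule that now closes the 981063 chain, the action list starts at t:sha1 with no leading t:none, unlike the closing rule of 981064, which uses t:none,t:sha1,t:hexEncode,nolog. Add t:none (and nolog, for consistency) there so the hashed value is the raw captured prefix and does not depend on any transformations inherited from SecDefaultAction. Separately, the REMOTE_ADDR pattern in the same chain only matches a dotted IPv4 prefix, so for an IPv6 client the chain stops at that rule and session.ip_hash is never set; that deserves at least a comment in the file. A one-line comment above each block stating which rule ends the chain would also make a stray chain action like the one removed here easier to spot.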
