Hi,

I think the rules should work. The only thing I needed to change was SecRule SESSION:VALID "!@eq 1" to SecRule &SESSION:VALID "!@eq 1". If you don't change this, you get the ip_hash/ua_hash mismatch warnings for sessions which are not known to mod_security.
Michael

2011/9/13 Chunde Shi <[email protected]>:
> Hello:
>
> I noticed your good discussion on Problem with
> modsecurity_crs_16_session_hijacking.conf.
> (https://lists.owasp.org/pipermail/owasp-modsecurity-core-rule-set/2011-July/000794.html)
> I am using it and ran into similar ip/hash/matching problem. I am not sure
> if the latest file from
>
> http://mod-security.svn.sourceforge.net/viewvc/mod-security/crs/trunk/optional_rules/modsecurity_crs_16_session_hijacking.conf
>
> has fixed the problem you were referring to.
> But my problem sounds similar to yours.
>
> Do you have a working version of the modsecurity_crs_16_session_hijacking.conf?
> Could you email me if you do, [email protected]?
>
> Thanks in advance
>
> Chunde
>
> _______________________________________________
> Owasp-modsecurity-core-rule-set mailing list
> [email protected]
> https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
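The one-character change described in Michael's reply, shown as an added example that is not part of the original thread and is not the CRS file itself. It assumes the rule acts as a guard that skips the hash comparisons for sessions not marked valid; the rule ids, the marker name, the messages and the TX:ip_hash / TX:ua_hash variables are constructed for illustration.

```apache
# Constructed fragment. Assumes the SESSION collection has been initialised
# earlier (setsid) and that tx.ip_hash / tx.ua_hash were computed for the
# current request by earlier rules.

# Before: the target is the VALUE of SESSION:VALID. For a session that
# ModSecurity has never seen, the variable does not exist, so the rule has
# no target to evaluate and does not match. Nothing is skipped and the
# comparisons below run against empty stored hashes.
#
# SecRule SESSION:VALID "!@eq 1" \
#     "phase:1,id:9990001,t:none,nolog,pass,skipAfter:END_SESSION_HASH_CHECKS"

# After: the & prefix turns the target into the COUNT of SESSION:VALID
# variables, which is 0 for an unknown session. "!@eq 1" is then true, the
# rule matches, and the comparisons are skipped.
SecRule &SESSION:VALID "!@eq 1" \
    "phase:1,id:9990001,t:none,nolog,pass,skipAfter:END_SESSION_HASH_CHECKS"

# Hash comparisons: only meaningful once a session has been marked valid
# and its hashes were stored in the collection.
SecRule TX:ip_hash "!@streq %{session.ip_hash}" \
    "phase:1,id:9990002,t:none,log,pass,msg:'Session ip_hash mismatch (constructed message)'"

SecRule TX:ua_hash "!@streq %{session.ua_hash}" \
    "phase:1,id:9990003,t:none,log,pass,msg:'Session ua_hash mismatch (constructed message)'"

SecMarker END_SESSION_HASH_CHECKS
```

Note that the counting form matches on absence only: a session whose VALID variable exists with a value other than 1 yields a count of 1 and is not skipped by this guard.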
