[mod-security-users] Getting mod_security to analyze output from other modules/plugins
From: John M. <jo...@ly...> - 2012-11-07 18:42:40
Hello,

I'm trying to come up with a fix for some legacy applications. Specifically, I need to get the httpOnly attribute set on some session cookies. I came across some very helpful information and I've been able to successfully get mod_security installed and have it "fixing" session cookies that are created in a PHP 5.1 environment (that's not aware of the httpOnly attribute).

My next task is to accomplish the same thing, but instead of PHP, it's an old legacy middleware system that's generating the HTTP response. When I went to test this out, the "cookie fixing" wasn't happening. Is there something special or different that this middleware could be doing with its Apache plugin/module that's causing it to bypass whatever would normally give mod_security a shot at modifying the result before it goes to the browser?

For what it's worth, the middleware is called Witango (formerly known as Tango, now known as TeraScribe (by hardly anybody)).

I did some reading and understand the "phases" that mod_security is capable of working in. I'm sorry if I'm not providing enough information here. I'm just hoping this is enough information to start a conversation about where to go or what to look for here.

Thanks in advance,
John