Re: [mod-security-users] Cookie tripping modsec
Brought to you by:
victorhora,
zimmerletw
From: Ryan B. <RBa...@tr...> - 2011-08-26 14:53:02
|
On 8/26/11 10:46 AM, "Organic Spider" <web...@or...> wrote: >Hello, we are having a problem where a cookie being set is tripping rule >981173 due to the number of special characters. I have created a >modsecurity_crs_15_customrules.conf file with the following content: > ># Ignore tracker cookie >SecRule REQUEST_HEADERS \ > >"phase:1,t:none,nolog,pass,ctl:ruleUpdateTargetById=981173:!REQUEST_COOKIE >S:tracker" > >Yet when I reload HTTPD and test the cookie is still being reported as a >warning. How would one override it please ? Do I have it set to early in >the processing ? When using ctl:ruleUpdateTargetById action, you need to use a semi-colon after the rule ID instead of a colon. # Ignore tracker cookie SecRule REQUEST_HEADERS \ "phase:1,t:none,nolog,pass,ctl:ruleUpdateTargetById=981173;!REQUEST_COOKIES :tracker" -Ryan >-- >Thank you, OS This transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is STRICTLY PROHIBITED. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format. |