Re: [Mod-security-developers] [ModSecurity 2.6.3] Session collection broken
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
Re: [Mod-security-developers] [ModSecurity 2.6.3] Session collection broken
|
From: Jeroen De R. <voe...@gm...> - 2012-03-06 18:59:06
|
Success! Tested this time on my home machine, where I had also observed this to happen (this is the one where I linked against the system PCRE library). I can test again tomorrow on the two boxes I used for the original report, but I'm sure they'll work too. Again three requests from a clean and rebooted apache: [Tue Mar 06 19:53:29 2012] [notice] caught SIGTERM, shutting down [Tue Mar 06 19:53:42 2012] [notice] ModSecurity for Apache/2.6.4-rc1 (http://www.modsecurity.org/) configured. [Tue Mar 06 19:53:42 2012] [notice] ModSecurity: APR compiled version="1.4.5"; loaded version="1.4.5" [Tue Mar 06 19:53:42 2012] [notice] ModSecurity: PCRE compiled version="8.12"; loaded version="8.12 2011-01-15" [Tue Mar 06 19:53:42 2012] [notice] ModSecurity: LUA compiled version="Lua 5.1" [Tue Mar 06 19:53:42 2012] [notice] ModSecurity: LIBXML compiled version="2.7.8" [Tue Mar 06 19:53:42 2012] [notice] Digest: generating secret for digest authentication ... [Tue Mar 06 19:53:42 2012] [notice] Digest: done [Tue Mar 06 19:53:53 2012] [notice] Apache/2.2.22 (Unix) PHP/5.4.0 configured -- resuming normal operations [Tue Mar 06 19:53:53 2012] [error] [client 127.0.0.1] ModSecurity: collection_retrieve_ex: Retrieving collection (name "default_SESSION", filename "/opt/apache/modsecurity/data/default_SESSION") [hostname "localhost"] [uri "/session/"] [unique_id "T1ZdQcCoALsAAAbOBqkAAAAF"] [Tue Mar 06 19:53:53 2012] [error] [client 127.0.0.1] ModSecurity: Warning. Unconditional match in SecAction. [file "/opt/apache/conf/extra/httpd-modsecurity2.conf"] [line "13"] [data "Reading session variable session.foo="] [hostname "localhost"] [uri "/session/"] [unique_id "T1ZdQcCoALsAAAbOBqkAAAAF"] [Tue Mar 06 19:53:53 2012] [error] [client 127.0.0.1] ModSecurity: Warning. Unconditional match in SecAction. [file "/opt/apache/conf/extra/httpd-modsecurity2.conf"] [line "14"] [data "Incrementing session variable session.foo=1"] [hostname "localhost"] [uri "/session/"] [unique_id "T1ZdQcCoALsAAAbOBqkAAAAF"] [Tue Mar 06 19:53:53 2012] [error] [client 127.0.0.1] ModSecurity: collection_store: Retrieving collection (name "default_SESSION", filename "/opt/apache/modsecurity/data/default_SESSION") [hostname "localhost"] [uri "/session/index.php"] [unique_id "T1ZdQcCoALsAAAbOBqkAAAAF"] [Tue Mar 06 19:54:07 2012] [error] [client 127.0.0.1] ModSecurity: collection_retrieve_ex: Retrieving collection (name "default_SESSION", filename "/opt/apache/modsecurity/data/default_SESSION") [hostname "localhost"] [uri "/session/"] [unique_id "T1ZdT8CoALsAAAbOBqoAAAAI"] [Tue Mar 06 19:54:07 2012] [error] [client 127.0.0.1] ModSecurity: Warning. Unconditional match in SecAction. [file "/opt/apache/conf/extra/httpd-modsecurity2.conf"] [line "13"] [data "Reading session variable session.foo=1"] [hostname "localhost"] [uri "/session/"] [unique_id "T1ZdT8CoALsAAAbOBqoAAAAI"] [Tue Mar 06 19:54:07 2012] [error] [client 127.0.0.1] ModSecurity: Warning. Unconditional match in SecAction. [file "/opt/apache/conf/extra/httpd-modsecurity2.conf"] [line "14"] [data "Incrementing session variable session.foo=2"] [hostname "localhost"] [uri "/session/"] [unique_id "T1ZdT8CoALsAAAbOBqoAAAAI"] [Tue Mar 06 19:54:07 2012] [error] [client 127.0.0.1] ModSecurity: collection_store: Retrieving collection (name "default_SESSION", filename "/opt/apache/modsecurity/data/default_SESSION") [hostname "localhost"] [uri "/session/index.php"] [unique_id "T1ZdT8CoALsAAAbOBqoAAAAI"] [Tue Mar 06 19:54:10 2012] [error] [client 127.0.0.1] ModSecurity: collection_retrieve_ex: Retrieving collection (name "default_SESSION", filename "/opt/apache/modsecurity/data/default_SESSION") [hostname "localhost"] [uri "/session/"] [unique_id "T1ZdUsCoALsAAAbOBqsAAAAI"] [Tue Mar 06 19:54:10 2012] [error] [client 127.0.0.1] ModSecurity: Warning. Unconditional match in SecAction. [file "/opt/apache/conf/extra/httpd-modsecurity2.conf"] [line "13"] [data "Reading session variable session.foo=2"] [hostname "localhost"] [uri "/session/"] [unique_id "T1ZdUsCoALsAAAbOBqsAAAAI"] [Tue Mar 06 19:54:10 2012] [error] [client 127.0.0.1] ModSecurity: Warning. Unconditional match in SecAction. [file "/opt/apache/conf/extra/httpd-modsecurity2.conf"] [line "14"] [data "Incrementing session variable session.foo=3"] [hostname "localhost"] [uri "/session/"] [unique_id "T1ZdUsCoALsAAAbOBqsAAAAI"] [Tue Mar 06 19:54:10 2012] [error] [client 127.0.0.1] ModSecurity: collection_store: Retrieving collection (name "default_SESSION", filename "/opt/apache/modsecurity/data/default_SESSION") [hostname "localhost"] [uri "/session/index.php"] [unique_id "T1ZdUsCoALsAAAbOBqsAAAAI"] |
