[mod-security-users] Cookie separator
Brought to you by:
victorhora,
zimmerletw
From: Luca <sup...@bi...> - 2013-01-30 09:54:16
|
Hi everyone. I've got a problem with cookie separator logic. It happens I'm receiving requests containing a cookie whose value contains a comma character ",". ModSec splits then this cookie in two parts, ending the first one just before the comma. This means the second created cookie has a name created out of the remaining part of the original cookie value... Unfortunately I don't have any control on how these cookies are created. I tried setting SecCookieFormat to "1", still no difference in ModSec behavior. Any suggestion to avoid this problem? Here's my configuration. ModSec 2.7.2 CoreRules: 2.2.7 Linux RHEL 6, 32 Bit Thanks, Luca |