Re: [mod-security-users] Syntax error for rule by trustwave
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
Re: [mod-security-users] Syntax error for rule by trustwave
|
From: Ervin H. <ai...@gm...> - 2019-10-01 14:40:21
|
Hi Homesh,
On Tue, Oct 01, 2019 at 07:29:53PM +0530, homesh joshi wrote:
>
> here is is the final thing that worked for me. Now I am testing the rule
> for various conditions.
good to see,
> #Step1
> ## This rule will identify the outbound Set-Cookie SessionID data and capture it in a setsid#
> SecRule RESPONSE_HEADERS:/Set-Cookie2?/ > "(?i:(j?sessionid|(php)?sessid|(asp|jserv|jw)?session[-_]?(id)?|cf(id|token)|sid).*?=([^\s].*?)\;\s?)" "chain,phase:3,id:'881062',t:none,pass,nolog,capture,setsid:%{TX.6},setvar:session.sessionid=%{TX.6},setvar:tx.ip=%{remote_addr},setvar:tx.ua=%{request_headers.user-agent}"
just my 2 cents: you would better to use the actions that you
quote its arguments, eg:
setvar:'tx.ua=%{request_headers.user-agent}'
It's not mandatory, but more clear.
a.
|
