Re: [mod-security-users] processing a cookie
From: joe b. <joe...@ya...> - 2006-04-13 14:35:44
Thanks Alex.
I didn't use this for the hash because it allows an empty field:
"^[0-9a-zA-Z]*"
Instead I used "^[0-9a-zA-Z=]+$" so the field cannot be blank, and the $ so nothing can exist beyond it.
For the cookie I would think it needs $ for the same reason:
"^[0-9a-fA-F]{32}$"
Am I correct in this line of thinking?
Is 32 the standard default size of PHP session cookies?
"Alex V." <ale...@ss...> wrote:
Hi,
In the documentation you can read this:
COOKIE_name - search cookie with name name
So, just write a rule allowing this cookie if the value length is 32B and only
hexa chars.
If (as I suppose) it's for the same app as before:
SecFilterSelective REQUEST_URI "^/mls_verifyemail.php" chain
SecFilterSelective ARGS_hash "^[0-9a-zA-Z]*" chain
SecFilterSelective COOKIE_PHPSESSID "^[0-9a-fA-F]{32}" allow
else:
SecFilterSelective COOKIE_PHPSESSID "!^[0-9a-fA-F]{32}" deny
Alex
On Thu 13 April 2006 4:10, joe barbish wrote:
> Hello list
> In my debug log I see this.
> I know this is being created by my php session control.
> This seems to pass right through my mod_security rules untouched.
>
> Raw cookie header "PHPSESSID=57afe9ec2e03d155efde2b7d53171a7e"
> Adding cookie "PHPSESSID"="57afe9ec2e03d155efde2b7d53171a7e"
>
> I want to have rules to check the cookie name, that the argument
> PHPSESSID is there, and that the content (which looks like md5) is valid
> with nothing inserted.
> I do not have enough knowledge to even begin writing a rule or even to
> begin formulating how to ask an intelligent question about processing cookies.
>
> I need your help please.
>
>
_______________________________________________
mod-security-users mailing list
mod...@li...
https://lists.sourceforge.net/lists/listinfo/mod-security-users