mod-security-users Mailing List for ModSecurity (Page 560)

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

You should be able to achieve this by creating the following filter -

SecFilterSelective HTTP_COOKIE "!cookietest"

If I then make the following request (without supplying a cookie
header at all) it will be denied -

# telnet localhost 80
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
GET / HTTP/1.0

HTTP/1.1 403 Forbidden

Here was the error message logged -

May 26 11:10:27 metacortex httpd[12206]: [error] [client 127.0.0.1]
mod_security: Access denied with code 403. Pattern match "!cookietest"
at HEADER(COOKIE) [uri "/"] [unique_id 0lNfrcCoAWYAAC@uB5MAAAAA]

--=20
Ryan C. Barnett
Web Application Security Consortium (WASC) Member
SANS Instructor: Securing Apache
GCIA, GCFA, GCIH, GSNA, GCUX, GSEC

On 6/4/05, FrzzMan <fr...@gm...> wrote:
> Hello,
>=20
> My site have been DDoSed for a month now :(
>=20
> I tried to set up a filter that block every request that don't have a
> specific cookie, but I can't find noway to
> set it up, it can check a existed cookie to match the value,
> but if that cookie is not existed, it allow the
> request.
>=20
> Please help... thank you in advance.
>=20
>=20
>=20
> -------------------------------------------------------
> This SF.Net email is sponsored by: NEC IT Guy Games.  How far can you sho=
tput
> a projector? How fast can you ride your desk chair down the office luge t=
rack?
> If you want to score the big prize, get to know the little guy.
> Play to win an NEC 61" plasma display: http://www.necitguy.com/?r=3D20
> _______________________________________________
> mod-security-users mailing list
> mod...@li...
> https://lists.sourceforge.net/lists/listinfo/mod-security-users
>

2003	Jan	Feb	Mar	Apr	May	Jun (2)	Jul (17)	Aug (7)	Sep (8)	Oct (11)	Nov (14)	Dec (19)
2004	Jan (46)	Feb (14)	Mar (20)	Apr (48)	May (15)	Jun (20)	Jul (36)	Aug (24)	Sep (31)	Oct (28)	Nov (23)	Dec (12)
2005	Jan (69)	Feb (61)	Mar (82)	Apr (53)	May (26)	Jun (71)	Jul (27)	Aug (52)	Sep (28)	Oct (49)	Nov (104)	Dec (74)
2006	Jan (61)	Feb (148)	Mar (82)	Apr (139)	May (65)	Jun (116)	Jul (92)	Aug (101)	Sep (84)	Oct (103)	Nov (174)	Dec (102)
2007	Jan (166)	Feb (161)	Mar (181)	Apr (152)	May (192)	Jun (250)	Jul (127)	Aug (165)	Sep (97)	Oct (135)	Nov (206)	Dec (56)
2008	Jan (160)	Feb (135)	Mar (98)	Apr (89)	May (115)	Jun (95)	Jul (188)	Aug (167)	Sep (153)	Oct (84)	Nov (82)	Dec (85)
2009	Jan (139)	Feb (133)	Mar (128)	Apr (105)	May (135)	Jun (79)	Jul (92)	Aug (134)	Sep (73)	Oct (112)	Nov (159)	Dec (80)
2010	Jan (100)	Feb (116)	Mar (130)	Apr (59)	May (88)	Jun (59)	Jul (69)	Aug (67)	Sep (82)	Oct (76)	Nov (59)	Dec (34)
2011	Jan (84)	Feb (74)	Mar (81)	Apr (94)	May (188)	Jun (72)	Jul (118)	Aug (109)	Sep (111)	Oct (80)	Nov (51)	Dec (44)
2012	Jan (80)	Feb (123)	Mar (46)	Apr (12)	May (40)	Jun (62)	Jul (95)	Aug (66)	Sep (65)	Oct (53)	Nov (42)	Dec (60)
2013	Jan (96)	Feb (96)	Mar (108)	Apr (72)	May (115)	Jun (111)	Jul (114)	Aug (87)	Sep (93)	Oct (97)	Nov (104)	Dec (82)
2014	Jan (96)	Feb (77)	Mar (71)	Apr (40)	May (48)	Jun (78)	Jul (54)	Aug (44)	Sep (58)	Oct (79)	Nov (51)	Dec (52)
2015	Jan (55)	Feb (59)	Mar (48)	Apr (40)	May (45)	Jun (63)	Jul (36)	Aug (49)	Sep (35)	Oct (58)	Nov (21)	Dec (47)
2016	Jan (35)	Feb (81)	Mar (43)	Apr (41)	May (77)	Jun (52)	Jul (39)	Aug (34)	Sep (107)	Oct (67)	Nov (54)	Dec (20)
2017	Jan (99)	Feb (37)	Mar (86)	Apr (47)	May (57)	Jun (55)	Jul (34)	Aug (31)	Sep (16)	Oct (49)	Nov (53)	Dec (33)
2018	Jan (25)	Feb (11)	Mar (79)	Apr (77)	May (5)	Jun (19)	Jul (17)	Aug (7)	Sep (13)	Oct (22)	Nov (13)	Dec (68)
2019	Jan (44)	Feb (17)	Mar (40)	Apr (39)	May (18)	Jun (14)	Jul (20)	Aug (31)	Sep (11)	Oct (35)	Nov (3)	Dec (10)
2020	Jan (32)	Feb (16)	Mar (10)	Apr (22)	May (2)	Jun (34)	Jul (1)	Aug (8)	Sep (36)	Oct (16)	Nov (13)	Dec (10)
2021	Jan (16)	Feb (23)	Mar (45)	Apr (28)	May (6)	Jun (17)	Jul (8)	Aug (1)	Sep (2)	Oct (35)	Nov	Dec (5)
2022	Jan	Feb (17)	Mar (23)	Apr (23)	May (9)	Jun (8)	Jul	Aug	Sep (7)	Oct (5)	Nov (16)	Dec (4)
2023	Jan	Feb	Mar (3)	Apr	May (1)	Jun (4)	Jul (1)	Aug	Sep (2)	Oct (1)	Nov	Dec
2024	Jan (7)	Feb (13)	Mar (18)	Apr	May	Jun	Jul	Aug	Sep (2)	Oct (1)	Nov (5)	Dec (3)
2025	Jan	Feb	Mar	Apr (12)	May (12)	Jun (2)	Jul (3)	Aug	Sep	Oct	Nov	Dec

mod-security-users Mailing List for ModSecurity (Page 560)

mod-security-users — General discussion about mod_security