You should be able to achieve this by creating the following filter -
SecFilterSelective HTTP_COOKIE "!cookietest"
If I then make the following request (without supplying a cookie
header at all) it will be denied -
# telnet localhost 80
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
GET / HTTP/1.0
HTTP/1.1 403 Forbidden
Here was the error message logged -
May 26 11:10:27 metacortex httpd[12206]: [error] [client 127.0.0.1]
mod_security: Access denied with code 403. Pattern match "!cookietest"
at HEADER(COOKIE) [uri "/"] [unique_id 0lNfrcCoAWYAAC@uB5MAAAAA]
-- 
Ryan C. Barnett
Web Application Security Consortium (WASC) Member
SANS Instructor: Securing Apache
GCIA, GCFA, GCIH, GSNA, GCUX, GSEC
On 6/4/05, FrzzMan <fr...@gm...> wrote:
> Hello,
>
> My site has been DDoSed for a month now :(
>
> I tried to set up a filter that blocks every request that doesn't have a
> specific cookie, but I can't find any way to
> set it up. It can check an existing cookie to match the value,
> but if that cookie does not exist, it allows the
> request.
>
> Please help... thank you in advance.
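Added example, not part of the original message and not mod_security's own code: a small Python model of the negated filter shown in the reply, run over constructed requests, showing why a request with no Cookie header is denied and that the pattern is an unanchored match on the whole header. It assumes a missing Cookie header is evaluated as an empty value, which is consistent with the 403 shown in the reply; the function names and sample requests are hypothetical.

```python
import re

# Model of: SecFilterSelective HTTP_COOKIE "!cookietest"
# Assumption: a missing Cookie header is evaluated as an empty value, which is
# consistent with the 403 the reply shows for a request with no Cookie header.
RULE_PATTERN = "!cookietest"


def cookie_header(raw_request: str) -> str:
    """Return the Cookie header value from a raw HTTP request, or '' if absent."""
    head = raw_request.split("\r\n\r\n", 1)[0]
    for line in head.split("\r\n")[1:]:          # skip the request line
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "cookie":
            return value.strip()
    return ""


def rule_fires(pattern: str, value: str) -> bool:
    """Unanchored regex search; a leading '!' inverts the result."""
    negate = pattern.startswith("!")
    found = re.search(pattern[1:] if negate else pattern, value) is not None
    return found != negate


def status_for(raw_request: str) -> int:
    """403 when the rule fires (as in the logged denial), otherwise 200."""
    return 403 if rule_fires(RULE_PATTERN, cookie_header(raw_request)) else 200


# Constructed sample requests (not captured traffic).
SAMPLES = {
    "no Cookie header": "GET / HTTP/1.0\r\n\r\n",
    "unrelated cookie": "GET / HTTP/1.0\r\nCookie: session=abc\r\n\r\n",
    "expected cookie": "GET / HTTP/1.0\r\nCookie: cookietest=1\r\n\r\n",
    # The pattern is a substring match on the whole header, so this passes too.
    "substring only": "GET / HTTP/1.0\r\nCookie: x=notcookietest\r\n\r\n",
}

if __name__ == "__main__":
    for label, request in SAMPLES.items():
        print(f"{label:18} -> {status_for(request)}")
```

The last sample shows that the filter checks only for the string anywhere in the Cookie header, not for a cookie with that exact name.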