Phases 3 and 4 are not executed in modsecurity

Time: 2012-08-21 14:00:37

Tags: apache resin mod-security

Since Railo / Resin does not allow session cookies to be httpOnly, I have been trying to catch them with mod-security 2.7. Normally this can be done in phase:3. I can't seem to get any rule in phase:3 or 4 to be processed...

A simple rule like this:

SecRule RESPONSE_HEADERS:Set-Cookie ".+" "id:1005,log,phase:3,msg:%{matched_var}"

logs this when I access my root page:

[/][4] Initialising transaction (txid UDORCgoUBWsAADDIBB4AAAA-).
[/][4] Transaction context created (dcfg 324de8).
[/][4] First phase starting (dcfg 324de8).
[/][4] Starting phase REQUEST_HEADERS.
[/][9] This phase consists of 0 rule(s).
[/][4] Second phase starting (dcfg 324de8).
[/][4] Input filter: This request does not have a body.
[/][4] Starting phase REQUEST_BODY.
[/][9] This phase consists of 0 rule(s).
[/][4] Hook insert_filter: Adding output filter (r 15b6110).
[/][4] Initialising logging.
[/index.cfm][4] Starting phase LOGGING.
[/index.cfm][9] This phase consists of 0 rule(s).
[/index.cfm][4] Recording persistent data took 0 microseconds.
[/index.cfm][4] Audit log: Not configured to run for this request.

When accessing a static image, phases 3 and 4 are processed normally:

[/image.png][4] Initialising transaction (txid UDORMgoUBWsAADDIBB8AAAA-).
[/image.png][4] Transaction context created (dcfg 324de8).
[/image.png][4] Hook insert_error_filter: Adding output filter (r 15ba120).
[/image.png][9] Output filter: Receiving output (f 15bba50, r 15ba120).
[/image.png][4] Starting phase RESPONSE_HEADERS.
[/image.png][9] This phase consists of 1 rule(s).
[/image.png][4] Recipe: Invoking rule 347328; [file "C:/Apache/conf/httpd.conf"] [line "525"] [id "1005"].
[/image.png][5] Rule 347328: SecRule "RESPONSE_HEADERS:Set-Cookie" "@rx .+" "phase:3,auditlog,pass,id:1005,log,msg:%{matched_var}"
[/image.png][4] Rule returned 0.
[/image.png][9] No match, not chained -> mode NEXT_RULE.
[/image.png][4] Output filter: Response body buffering is not enabled.
[/image.png][9] Content Injection: Not enabled.
[/image.png][4] Output filter: Completed receiving response body (non-buffering).
[/image.png][4] Starting phase RESPONSE_BODY.
[/image.png][9] This phase consists of 0 rule(s).
[/image.png][4] Output filter: Output forwarding complete.
[/image.png][9] Output filter: Sending input brigade directly.
[/image.png][4] Initialising logging.
[/image.png][4] Starting phase LOGGING.
[/image.png][9] This phase consists of 0 rule(s).
[/image.png][4] Recording persistent data took 0 microseconds.
[/image.png][4] Audit log: Not configured to run for this request.

I am using mod_caucho to connect Apache to Resin.
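As an added example (not part of the original question or answer), the small Python script below parses a ModSecurity 2.7 debug log and reports, per transaction, which phases started, how many rules each phase ran, and whether the output filter ever received output. Phases 3 and 4 in ModSecurity 2.x run from inside the Apache output filter, so a transaction in which the output filter is added but never receives data will show no RESPONSE_HEADERS or RESPONSE_BODY phase. The sample input is built from the two log excerpts quoted above; the transaction identifiers and URIs are the ones shown in the question.

```python
import re
from collections import OrderedDict

# Constructed from the two debug-log excerpts in the question above.
SAMPLE_LOG = """\
[/][4] Initialising transaction (txid UDORCgoUBWsAADDIBB4AAAA-).
[/][4] Transaction context created (dcfg 324de8).
[/][4] First phase starting (dcfg 324de8).
[/][4] Starting phase REQUEST_HEADERS.
[/][9] This phase consists of 0 rule(s).
[/][4] Second phase starting (dcfg 324de8).
[/][4] Input filter: This request does not have a body.
[/][4] Starting phase REQUEST_BODY.
[/][9] This phase consists of 0 rule(s).
[/][4] Hook insert_filter: Adding output filter (r 15b6110).
[/][4] Initialising logging.
[/index.cfm][4] Starting phase LOGGING.
[/index.cfm][9] This phase consists of 0 rule(s).
[/index.cfm][4] Recording persistent data took 0 microseconds.
[/index.cfm][4] Audit log: Not configured to run for this request.
[/image.png][4] Initialising transaction (txid UDORMgoUBWsAADDIBB8AAAA-).
[/image.png][4] Transaction context created (dcfg 324de8).
[/image.png][4] Hook insert_error_filter: Adding output filter (r 15ba120).
[/image.png][9] Output filter: Receiving output (f 15bba50, r 15ba120).
[/image.png][4] Starting phase RESPONSE_HEADERS.
[/image.png][9] This phase consists of 1 rule(s).
[/image.png][4] Rule returned 0.
[/image.png][4] Starting phase RESPONSE_BODY.
[/image.png][9] This phase consists of 0 rule(s).
[/image.png][4] Initialising logging.
[/image.png][4] Starting phase LOGGING.
[/image.png][9] This phase consists of 0 rule(s).
"""

TXID_RE = re.compile(r"Initialising transaction \(txid ([^)\s]+)\)")
URI_RE = re.compile(r"^\[([^\]]*)\]\[\d\]")
PHASE_RE = re.compile(r"Starting phase ([A-Z_]+)\.")
RULES_RE = re.compile(r"This phase consists of (\d+) rule\(s\)")
OUTPUT_RE = re.compile(r"Output filter: Receiving output")

# The five phases a complete ModSecurity 2.x transaction walks through.
EXPECTED_PHASES = ("REQUEST_HEADERS", "REQUEST_BODY",
                   "RESPONSE_HEADERS", "RESPONSE_BODY", "LOGGING")


def parse_phases(log_text):
    """Group debug-log lines by transaction id.

    Returns an ordered mapping txid -> {"uri", "phases", "output_filter_ran"},
    where "phases" maps each phase that started to the rule count it reported.
    """
    txns = OrderedDict()
    current = None      # txid of the transaction whose lines we are reading
    last_phase = None   # most recent "Starting phase" within that transaction
    for line in log_text.splitlines():
        m = TXID_RE.search(line)
        if m:
            current = m.group(1)
            last_phase = None
            txns[current] = {"uri": None, "phases": OrderedDict(),
                             "output_filter_ran": False}
        if current is None:
            continue
        txn = txns[current]
        m = URI_RE.match(line)
        if m:
            txn["uri"] = m.group(1)   # the last URI logged is the resolved one
        if OUTPUT_RE.search(line):
            txn["output_filter_ran"] = True
        m = PHASE_RE.search(line)
        if m:
            last_phase = m.group(1)
            txn["phases"][last_phase] = None
            continue
        m = RULES_RE.search(line)
        if m and last_phase is not None:
            txn["phases"][last_phase] = int(m.group(1))
    return txns


def missing_phases(txns):
    """Map each txid to the expected phases that never started."""
    return {txid: [p for p in EXPECTED_PHASES if p not in info["phases"]]
            for txid, info in txns.items()}


if __name__ == "__main__":
    parsed = parse_phases(SAMPLE_LOG)
    for txid, info in parsed.items():
        print(txid, info["uri"], "output filter ran:", info["output_filter_ran"])
        print("  phases:", dict(info["phases"]))
        print("  missing:", missing_phases(parsed)[txid])
```

Run against the question's log, the script reports that the /index.cfm transaction has an output filter added but never receiving output, and that RESPONSE_HEADERS and RESPONSE_BODY are the phases that never start; for /image.png the output filter does run and the phase:3 rule is invoked once. That distinction is the first thing to check when a phase:3 or phase:4 rule appears to be ignored for responses generated by a backend connector.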

1 answer:

Answer 0 (score: 0)

From your log, it has been executed.


[/image.png][4] Recipe: Invoking rule 347328; [file "C:/Apache/conf/httpd.conf"] [line "525"] [id "1005"].
[/image.png][5] Rule 347328: SecRule "RESPONSE_HEADERS:Set-Cookie" "@rx .+" "phase:3,auditlog,pass,id:1005,log,msg:%{matched_var}"
[/image.png][4] Rule returned 0.
[/image.png][9] No match, not chained -> mode NEXT_RULE.

You have a mistake: usually, when you request a static resource the server does not respond with a Set-Cookie header; only when you request a dynamic resource does it have a Set-Cookie header.

In your case you requested an image. You can request a dynamic file, such as website/inpde.php?uaer=admin, and then you will see it match Set-Cookie.