I am using the core rules of OWASP mod_security. It seems there are false positives......
index.php:
if( session_id() == '' )
session_start();
Request headers:
Accept text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Connection keep-alive
Cookie PHPSESSID=o2aaf0uti8pmah63t92ssvkqv0
Host www.test.com
User-Agent Mozilla/5.0 (Windows NT 6.0; rv:28.0) Gecko/20100101 Firefox/28.0
In error.log:
[Mon Apr 28 20:11:37.346379 2014] [:error] [pid 5312:tid 1700] [client 127.0.0.1] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "C:/apache/conf/crs/optional_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.test.com"] [uri "/"] [unique_id "U16Z2cCoAQkAABTAnDUAAACV"]
modsecurity_crs_16_session_hijacking.conf:
SecRule REQUEST_COOKIES:'/(j?sessionid|(php)?sessid|(asp|jserv|jw)?session[-_]?(id)?|cf(id|token)|sid)/' ".*" "chain,phase:1,id:'981054',t:none,block,log,msg:'Invalid SessionID Submitted.',setsid:%{matched_var},setvar:tx.sessionid=%{matched_var},skipAfter:END_SESSION_STARTUP"
SecRule SESSION:IS_NEW "@eq 1" "t:none,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-WEB_ATTACK/INVALID_SESSIONID-%{matched_var_name}=%{tx.0}"
httpd.conf:
LoadModule unique_id_module modules/mod_unique_id.so
LoadModule security2_module modules/mod_security2.so
<IfModule security2_module>
SecRuleEngine On
SecRequestBodyAccess Off
Include conf/crs/modsecurity_crs_10_setup.conf
Include conf/crs/optional_rules/modsecurity_crs_16_session_hijacking.conf
</IfModule>
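A small triage helper for events like the one above, added here as an example and not part of the original question: it parses the bracketed fields of a ModSecurity error.log line, flags a rule 981054 hit on SESSION:IS_NEW (the session id had no record in ModSecurity's persistent SESSION collection), and reports which cookie names the selector regex of rule 981054 would examine. Assumed: the selector is applied to cookie names case-insensitively (consistent with PHPSESSID having matched in the log); the sample line is the one from the question.

```python
import re

# Constructed sample: the error.log entry from the question, as a single line.
SAMPLE_LINE = (
    '[Mon Apr 28 20:11:37.346379 2014] [:error] [pid 5312:tid 1700] [client 127.0.0.1] '
    'ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. '
    '[file "C:/apache/conf/crs/optional_rules/modsecurity_crs_16_session_hijacking.conf"] '
    '[line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.test.com"] '
    '[uri "/"] [unique_id "U16Z2cCoAQkAABTAnDUAAACV"]'
)

# Cookie-name selector copied from rule 981054 (the part between the slashes).
# Assumption: ModSecurity matches variable-name selectors case-insensitively.
SESSION_COOKIE_RE = re.compile(
    r'(j?sessionid|(php)?sessid|(asp|jserv|jw)?session[-_]?(id)?|cf(id|token)|sid)',
    re.IGNORECASE,
)

# ModSecurity appends its details as [key "value"] pairs; Apache's own
# [pid ...] / [client ...] brackets carry no quotes and are skipped.
FIELD_RE = re.compile(r'\[(\w+) "((?:[^"\\]|\\.)*)"\]')
DENIED_RE = re.compile(
    r'Access denied with code (\d+) \(phase (\d+)\)\. '
    r'Operator (\w+) matched (\S+) at (\S+)\.'
)

def parse_modsec_event(line):
    """Return a dict of the event's fields, or None for a non-ModSecurity line."""
    if 'ModSecurity:' not in line:
        return None
    event = dict(FIELD_RE.findall(line))
    m = DENIED_RE.search(line)
    if m:
        (event['status'], event['phase'], event['operator'],
         event['matched_value'], event['variable']) = m.groups()
    return event

def is_unknown_session_block(event):
    """True when rule 981054 blocked because the SESSION collection was brand new."""
    return (event is not None and event.get('id') == '981054'
            and event.get('variable') == 'SESSION:IS_NEW'
            and event.get('matched_value') == '1')

def session_cookie_names(cookie_header):
    """Cookie names from a Cookie header that the 981054 selector would pick up."""
    names = []
    for part in cookie_header.split(';'):
        name = part.strip().split('=', 1)[0]
        if name and SESSION_COOKIE_RE.search(name):
            names.append(name)
    return names
```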