[Modsecurity] PHPSESSID

Mike Cardwell modsecurity at blubbernet.com
Thu Apr 20 07:45:00 EDT 2006


The following rules throw up false positives for me on a fairly regular
basis:

SecFilterSelective ARG_PHPSESSID "!^[0-9a-z]*$"
SecFilterSelective COOKIE_PHPSESSID "!^[0-9a-z]*$"

I think this is down to the way different browsers using different
versions of cookies send their cookies...?

Wouldn't it be safer, and just as secure, to have them in this format
instead?

SecFilterSelective ARG_PHPSESSID "!^[0-9a-z]{26}"
SecFilterSelective COOKIE_PHPSESSID "!^[0-9a-z]{26}"

I'm gonna give it a try later. Just thought I'd mention it.

Mike

-- 
Digital photo printing: http://www.fotoserve.com/
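To see concretely how the two rule variants from the post differ, here is an added comparison (example code, not ModSecurity code) that emulates SecFilterSelective semantics in Python: a rule fires when its pattern matches the variable, and the leading "!" inverts that. The session id values are constructed samples, and Python's re is assumed to be close enough to PCRE for these two patterns.

```python
import re

# Rule patterns exactly as given in the post.
ORIGINAL = "!^[0-9a-z]*$"    # shipped rule: value must be only [0-9a-z]
PROPOSED = "!^[0-9a-z]{26}"  # proposed rule: first 26 chars must be [0-9a-z]

# Constructed sample values for PHPSESSID (not real session ids).
SAMPLES = {
    "normal_id":       "a1b2c3d4e5f6g7h8i9j0k1l2m3",            # 26 chars
    "id_with_suffix":  "a1b2c3d4e5f6g7h8i9j0k1l2m3; $Path=/",   # trailing data
    "short_id":        "abc123",
    "empty":           "",
    "injection_chars": "a1b2c3d4e5f6g7h8i9j0k1l2m3'/*",
}


def rule_fires(pattern: str, value: str) -> bool:
    """Emulate SecFilterSelective: True means the rule would act on the request.

    A pattern starting with '!' fires when the regex does NOT match;
    otherwise it fires when the regex matches.
    """
    negate = pattern.startswith("!")
    regex = pattern[1:] if negate else pattern
    matched = re.search(regex, value) is not None
    return (not matched) if negate else matched


def evaluate(pattern: str) -> dict:
    """Return, per sample, whether the given rule pattern would fire."""
    return {name: rule_fires(pattern, value) for name, value in SAMPLES.items()}


if __name__ == "__main__":
    for label, pattern in (("original", ORIGINAL), ("proposed", PROPOSED)):
        print(label, pattern)
        for name, fired in evaluate(pattern).items():
            print(f"  {name:16s} -> {'BLOCK' if fired else 'pass'}")
```

Because the proposed pattern has no trailing anchor, it only inspects the first 26 characters: that is what stops it firing on values with trailing data (the false-positive case the post describes), and it also means anything after those 26 characters passes unchecked, which is the trade-off to weigh when adopting it.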

