All,
With the installation of the latest rulesit, I'm
now getting the following alerts:
Warning - Sticky SessionID Data Changed -
User-Agent Mismatch. Access denied with code
403 (phase 2). Match of "streq %{SESSION.UA}"
against "TX:ua_hash" required.
Hope I'm not being too stupid here, but what does
that mean? Am I blocking legitimate traffic?
Better still, is there a place (documents, etc.)
that describes various alerts?
Thanks.
Dimitri
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
_______________________________________________
Owasp-modsecurity-core-rule-set mailing list
[email protected]
https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
