On Thu, Dec 30, 2010 at 10:39 PM, Dimitri Yioulos <[email protected]> wrote:
> Ryan, > > Thanks very much for your help. > > I did install the changed session_hijacking.conf > file, along with any other updated files (but not > the entire ruleset). > > Just to be on the safe side, I had someone test > reaching our Web site from outside, and she > landed on the Apache test page. Yikes! So, I > disabled session_hijacking.conf, and she was then > able to get to our site. Is it an issue with > session_hijacking.conf or with our site? Hi Dimitri, Take a look at the modsecurity audit and/or debug logs to know whether it is ModSec which is stopping the traffic or not. As an aside, what is the SecDefaultAction set to? -- - Josh _______________________________________________ Owasp-modsecurity-core-rule-set mailing list [email protected] https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
