Hello, all!
Now I'm using the SecHashKey, SecParam and SecHashMethodRx variables to set the
cookie token.
My rule looks like this:
SecHashEngine On
SecHashParam cookie_token
SecHashKey Rand SessionID
SecHashMethodRx HashLocation "Set-Cookie2?"
SecRule REQUEST_HEADERS "@validateHash Cookie" \
"phase:2,capture,t:none,block,ctl:HashEnforcement=On,log,auditlog,status:403,id:'999900'"
I don't see that the token was set in the cookie header.
DBAppSecurity
_______________________________________________
Owasp-modsecurity-core-rule-set mailing list
Owasp-modsecurity-core-rule-set@lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set