Hello Richard, This error message is a rare.
On Tue, Jan 12, 2016 at 04:38:33PM +0000, Richard Jones wrote: > I’m seeing huge number of these errors about session.ip_hash and > session.ua_hash not having a collection: > > [Tue Jan 12 16:33:42.379454 2016] [:error] [pid 1925:tid 139976666769152] > [client 10.30.82.121] ModSecurity: Could not set variable “session.ip_hash” > as the collection does not exist. [hostname “www.reading.ac.uk”] [uri > “/mytimetable/m”] [unique_id “VpUq5IbhAVgAAAeFS@UAAAEI”] > [Tue Jan 12 16:33:42.379484 2016] [:error] [pid 1925:tid 139976666769152] > [client 10.30.82.121] ModSecurity: Could not set variable “session.ua_hash” > as the collection does not exist. > > Disabling modsecurity_crs_16_session_hijacking.conf fixes the errors. Can you confirm, that the setsid action is really executed for the session collection and that it happens before modsecurity_crs_16_session_hijacking.conf? Given your description of the setup, it should be alright, but somehow there is an issue. If the creation of the collection fails, then there should be an additional error, so I think setsid is not happening. Ahoj, Christian -- The meaning of the living words that come out of the experiences of great hearts can never be exhausted by any one system of logical interpretation. They have to be endlessly explained by the commentaries of individual lives, and they gain an added mystery in each new revelation. -- Rabindranath Tagore _______________________________________________ Owasp-modsecurity-core-rule-set mailing list Owasp-modsecurity-core-rule-set@lists.owasp.org https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
