
Since Railo/Resin does not allow the session cookie to be httpOnly, I have been trying to use mod-security 2.7 to catch them. Normally this would be done in phase:3, but I can't seem to get any rule in phase 3 or 4 processed...

A simple rule like this:

SecRule RESPONSE_HEADERS:Set-Cookie ".+" "id:1005,log,phase:3,msg:%{matched_var}"

logs this when visiting my root page:

[/][4] Initialising transaction (txid UDORCgoUBWsAADDIBB4AAAA-).
[/][4] Transaction context created (dcfg 324de8).
[/][4] First phase starting (dcfg 324de8).
[/][4] Starting phase REQUEST_HEADERS.
[/][9] This phase consists of 0 rule(s).
[/][4] Second phase starting (dcfg 324de8).
[/][4] Input filter: This request does not have a body.
[/][4] Starting phase REQUEST_BODY.
[/][9] This phase consists of 0 rule(s).
[/][4] Hook insert_filter: Adding output filter (r 15b6110).
[/][4] Initialising logging.
[/index.cfm][4] Starting phase LOGGING.
[/index.cfm][9] This phase consists of 0 rule(s).
[/index.cfm][4] Recording persistent data took 0 microseconds.
[/index.cfm][4] Audit log: Not configured to run for this request.

But when a static image is requested, phases 3 and 4 are processed normally:

[/image.png][4] Initialising transaction (txid UDORMgoUBWsAADDIBB8AAAA-).
[/image.png][4] Transaction context created (dcfg 324de8).
[/image.png][4] Hook insert_error_filter: Adding output filter (r 15ba120).
[/image.png][9] Output filter: Receiving output (f 15bba50, r 15ba120).
[/image.png][4] Starting phase RESPONSE_HEADERS.
[/image.png][9] This phase consists of 1 rule(s).
[/image.png][4] Recipe: Invoking rule 347328; [file "C:/Apache/conf/httpd.conf"] [line "525"] [id "1005"].
[/image.png][5] Rule 347328: SecRule "RESPONSE_HEADERS:Set-Cookie" "@rx .+" "phase:3,auditlog,pass,id:1005,log,msg:%{matched_var}"
[/image.png][4] Rule returned 0.
[/image.png][9] No match, not chained -> mode NEXT_RULE.
[/image.png][4] Output filter: Response body buffering is not enabled.
[/image.png][9] Content Injection: Not enabled.
[/image.png][4] Output filter: Completed receiving response body (non-buffering).
[/image.png][4] Starting phase RESPONSE_BODY.
[/image.png][9] This phase consists of 0 rule(s).
[/image.png][4] Output filter: Output forwarding complete.
[/image.png][9] Output filter: Sending input brigade directly.
[/image.png][4] Initialising logging.
[/image.png][4] Starting phase LOGGING.
[/image.png][9] This phase consists of 0 rule(s).
[/image.png][4] Recording persistent data took 0 microseconds.
[/image.png][4] Audit log: Not configured to run for this request.

I am using mod_caucho to connect Apache to Resin.


1 Answer


From your log, it has been executed:

[/image.png][4] Recipe: Invoking rule 347328; [file "C:/Apache/conf/httpd.conf"] [line "525"] [id "1005"].
[/image.png][5] Rule 347328: SecRule "RESPONSE_HEADERS:Set-Cookie" "@rx .+" "phase:3,auditlog,pass,id:1005,log,msg:%{matched_var}"
[/image.png][4] Rule returned 0.
[/image.png][9] No match, not chained -> mode NEXT_RULE.

You have made a silly mistake: when you request a static resource, the server does not respond with a Set-Cookie header; only when you request a dynamic resource will the response carry a Set-Cookie header.

In your case, you are requesting an image. Request a dynamic file instead, such as website/inpde.php?uaer=admin, and you will see it match Set-Cookie.

answered 2012-09-11T08:48:39.513
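An added example (not code from the question or the answer) that makes the answer's point concrete: it walks the Set-Cookie headers of two constructed responses, a dynamic page that sets cookies without HttpOnly and a static image that sets none, and reports which cookie names lack the attribute, which is what the phase:3 rule above would have to match on. The paths, cookie names and header values are hypothetical.

```python
# Constructed sample responses, modelled on the question: the dynamic page
# (/index.cfm) sets cookies, the static image (/image.png) sets none.
# These are hypothetical header lines, not captured traffic.
SAMPLE_RESPONSES = {
    "/index.cfm": [
        "HTTP/1.1 200 OK",
        "Content-Type: text/html; charset=UTF-8",
        "Set-Cookie: JSESSIONID=abc123; Path=/",
        "Set-Cookie: PREF=lang=en; Path=/; Expires=Wed, 01 Jan 2014 00:00:00 GMT",
        "Set-Cookie: CSRFTOKEN=xyz; Path=/; Secure; HttpOnly",
    ],
    "/image.png": [
        "HTTP/1.1 200 OK",
        "Content-Type: image/png",
        "Content-Length: 1234",
    ],
}


def set_cookie_headers(header_lines):
    """Return the value of every Set-Cookie header (a response may send several)."""
    return [line.split(":", 1)[1].strip()
            for line in header_lines
            if line.lower().startswith("set-cookie:")]


def cookies_missing_httponly(header_lines):
    """Names of cookies whose Set-Cookie header lacks the HttpOnly attribute."""
    missing = []
    for value in set_cookie_headers(header_lines):
        name = value.split("=", 1)[0].strip()          # cookie name precedes first '='
        attrs = [a.strip().lower() for a in value.split(";")[1:]]
        if "httponly" not in attrs:                     # attribute is case-insensitive
            missing.append(name)
    return missing


def audit(responses):
    """Map each path to its cookies lacking HttpOnly; an empty list means nothing to match."""
    return {path: cookies_missing_httponly(lines) for path, lines in responses.items()}


if __name__ == "__main__":
    for path, names in audit(SAMPLE_RESPONSES).items():
        print(f"{path}: {names if names else 'no Set-Cookie to match'}")
```

The static image yields an empty list, mirroring the "No match" the rule logged for /image.png; only the dynamic page gives the rule something to inspect.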