File: fix_838009.patch

modsecurity-crs 2.2.9-1%2Bdeb8u1
Index: modsecurity-crs/optional_rules/modsecurity_crs_16_session_hijacking.conf
===================================================================
--- modsecurity-crs.orig/optional_rules/modsecurity_crs_16_session_hijacking.conf
+++ modsecurity-crs/optional_rules/modsecurity_crs_16_session_hijacking.conf
@@ -46,7 +46,7 @@ SecRule RESPONSE_HEADERS:/Set-Cookie2?/
 
 SecRule &SESSION:SESSIONID "@eq 1" "chain,phase:5,id:'981063',nolog,pass,t:none"
         SecRule REMOTE_ADDR "^(\d{1,3}\.\d{1,3}\.\d{1,3}\.)"  "chain,nolog,capture,t:none"
-        SecRule TX:1 ".*" "chain,t:sha1,t:hexEncode,setvar:session.ip_hash=%{matched_var}"
+        SecRule TX:1 ".*" "t:sha1,t:hexEncode,setvar:session.ip_hash=%{matched_var}"
 
 SecRule &SESSION:SESSIONID "@eq 1" "chain,phase:5,id:'981064',nolog,pass,t:none"
         SecRule REQUEST_HEADERS:User-Agent ".*" "t:none,t:sha1,t:hexEncode,nolog,setvar:session.ua_hash=%{matched_var}"
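Review bot: The REMOTE_ADDR pattern in chain 981063, `^(\d{1,3}\.\d{1,3}\.\d{1,3}\.)`, matches only dotted IPv4 addresses, so for an IPv6 client the chain stops at its second rule and `session.ip_hash` is never set. The rule that later compares the stored hash lies outside this hunk, so it cannot be confirmed from here whether an unset value silently skips the hijacking check or triggers it; that should be verified on a dual-stack deployment. At minimum I would add a comment above the chain, `# IPv4 only: session.ip_hash stays unset when REMOTE_ADDR is an IPv6 address`, so operators know about the coverage gap. A second short comment on the last chained rule, `# last rule of the chain: must not carry "chain"`, would help keep the dangling-chain mistake from returning.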