Apache/PHP mod_security: session hijacking and a false positive with session_start()
Tags: php, apache, mod-security

I'm using this. There seems to be a false positive.

index.php

if( session_id() == '' )
    session_start();

HEAD request

error.log

[Mon Apr 28 20:11:37.346379 2014] [:error] [pid 5312:tid 1700] [client 127.0.0.1] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "C:/apache/conf/crs/optional_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.test.com"] [uri "/"] [unique_id "U16Z2cCoAQkAABTAnDUAAACV"]
modsecurity_crs_16_session_hijacking.conf

SecRule REQUEST_COOKIES:'/(j?sessionid|(php)?sessid|(asp|jserv|jw)?session[-_]?(id)?|cf(id|token)|sid)/' ".*" "chain,phase:1,id:'981054',t:none,block,log,msg:'Invalid SessionID Submitted.',setsid:%{matched_var},setvar:tx.sessionid=%{matched_var},skipAfter:END_SESSION_STARTUP"
    SecRule SESSION:IS_NEW "@eq 1" "t:none,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-WEB_ATTACK/INVALID_SESSIONID-%{matched_var_name}=%{tx.0}"

httpd.conf

LoadModule unique_id_module modules/mod_unique_id.so
LoadModule security2_module modules/mod_security2.so
<IfModule security2_module>
    SecRuleEngine On
    SecRequestBodyAccess Off
    Include conf/crs/modsecurity_crs_10_setup.conf
    Include conf/crs/optional_rules/modsecurity_crs_16_session_hijacking.conf
</IfModule>
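Added here as a triage helper, not part of the question or of the OWASP CRS: a small parser for mod_security2 entries in the Apache error log, which groups hits by rule id, records which ones actually blocked, and lists the URIs involved, so a rule such as 981054 that keeps firing on ordinary first requests with a stale session cookie stands out. The first log line is the one quoted above; the other two sample lines and the rule id 999999 are constructed placeholders. The `exclusion_candidate()` helper only builds a `SecRuleUpdateActionById` directive (a real ModSecurity 2.x directive) for a human to review; it does not touch any configuration.

```python
import re
from collections import defaultdict

# Constructed sample input: line 1 is the error-log entry quoted in the question;
# lines 2 and 3 are hypothetical entries so grouping has something to show.
# Rule id 999999 and the CONSTRUCTED-* unique_ids are placeholders.
SAMPLE_LOG = """\
[Mon Apr 28 20:11:37.346379 2014] [:error] [pid 5312:tid 1700] [client 127.0.0.1] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "C:/apache/conf/crs/optional_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.test.com"] [uri "/"] [unique_id "U16Z2cCoAQkAABTAnDUAAACV"]
[Mon Apr 28 20:12:02.000000 2014] [:error] [pid 5312:tid 1700] [client 127.0.0.1] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "C:/apache/conf/crs/optional_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.test.com"] [uri "/index.php"] [unique_id "CONSTRUCTED-0002"]
[Mon Apr 28 20:13:15.000000 2014] [:error] [pid 5312:tid 1700] [client 127.0.0.1] ModSecurity: Warning. Operator EQ matched 1 at TX:placeholder. [file "C:/apache/conf/crs/PLACEHOLDER.conf"] [line "1"] [id "999999"] [msg "Placeholder rule"] [hostname "www.test.com"] [uri "/search"] [unique_id "CONSTRUCTED-0003"]
"""

# Fixed prefix of an Apache 2.4 error-log line written by mod_security2.
HEAD_RE = re.compile(
    r'^\[(?P<ts>[^\]]+)\] \[(?P<level>[^\]]*)\] \[pid (?P<pid>[^\]]+)\] '
    r'\[client (?P<client>[^\]]+)\] ModSecurity: '
    r'(?P<action>Access denied with code (?P<code>\d+)|Warning)'
)
# Quoted [key "value"] pairs that follow the match description: file, line, id, msg, hostname, uri, unique_id.
TAG_RE = re.compile(r'\[(\w+) "([^"]*)"\]')
PHASE_RE = re.compile(r'\(phase (\d)\)')


def parse_line(line):
    """Parse one log line into a dict; return None for lines not written by ModSecurity."""
    m = HEAD_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["blocked"] = rec["action"].startswith("Access denied")
    phase = PHASE_RE.search(line)
    rec["phase"] = int(phase.group(1)) if phase else None
    # The text between the action and the first quoted tag names the operator and variable that fired.
    rest = line[m.end():].split(" [file ", 1)[0]
    rec["detail"] = PHASE_RE.sub("", rest).strip(" .")
    rec.update(TAG_RE.findall(line))
    return rec


def parse_log(text):
    """Parse every ModSecurity line in a block of error-log text."""
    return [r for r in (parse_line(l) for l in text.splitlines()) if r]


def summarize(records):
    """Group hits by rule id: total count, how many blocked, and the distinct URIs involved."""
    by_id = defaultdict(lambda: {"count": 0, "blocked": 0, "msg": "", "file": "", "uris": set()})
    for r in records:
        s = by_id[r["id"]]
        s["count"] += 1
        s["blocked"] += int(r["blocked"])
        s["msg"] = r["msg"]
        s["file"] = r["file"]
        s["uris"].add(r["uri"])
    return {rid: dict(s, uris=sorted(s["uris"])) for rid, s in by_id.items()}


def top_rules(text):
    """Rule ids ordered by number of hits (most frequent first), as (id, count) pairs."""
    summary = summarize(parse_log(text))
    return sorted(((rid, s["count"]) for rid, s in summary.items()), key=lambda x: (-x[1], x[0]))


def exclusion_candidate(rule_id):
    """Candidate tuning directive for a rule confirmed as a false positive: keep logging, stop blocking.
    Whether to apply it (and for which hosts) is a review decision, not something this script does."""
    return f'SecRuleUpdateActionById {rule_id} "pass,log"'


if __name__ == "__main__":
    for rid, s in summarize(parse_log(SAMPLE_LOG)).items():
        print(f'{rid}: {s["count"]} hit(s), {s["blocked"]} blocked, uris={s["uris"]}, msg={s["msg"]!r}')
    print("candidate for review:", exclusion_candidate(top_rules(SAMPLE_LOG)[0][0]))
```

Run it over a real error.log with `summarize(parse_log(open("error.log").read()))`; a rule that blocks on `/` for many distinct clients right after a session is created is the pattern to look at before deciding whether the rule or the session bookkeeping (persistent storage, the Set-Cookie capture on the response side) is the problem.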
Did you ever find a solution? I've run into this problem myself.