Apache/PHP mod_security: session hijacking and a false positive with session_start()


I am using this. There seems to be a false positive.

index.php

if( session_id() == '' )
    session_start();

Request header

error.log

[Mon Apr 28 20:11:37.346379 2014] [:error] [pid 5312:tid 1700] [client 127.0.0.1] ModSecurity: Access denied with code 403 (phase 1). 
Operator EQ matched 1 at SESSION:IS_NEW. [file "C:/apache/conf/crs/optional_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.test.com"] [uri "/"] [unique_id "U16Z2cCoAQkAABTAnDUAAACV"]
modsecurity_crs_16_session_hijacking.conf

SecRule REQUEST_COOKIES:'/(j?sessionid|(php)?sessid|(asp|jserv|jw)?session[-_]?(id)?|cf(id|token)|sid)/' ".*" "chain,phase:1,id:'981054',t:none,block,log,msg:'Invalid SessionID Submitted.',setsid:%{matched_var},setvar:tx.sessionid=%{matched_var},skipAfter:END_SESSION_STARTUP"
    SecRule SESSION:IS_NEW "@eq 1" "t:none,setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},setvar:tx.%{rule.id}-WEB_ATTACK/INVALID_SESSIONID-%{matched_var_name}=%{tx.0}"

httpd.conf

LoadModule unique_id_module modules/mod_unique_id.so
LoadModule security2_module modules/mod_security2.so

<IfModule security2_module>
    SecRuleEngine On
    SecRequestBodyAccess Off

    Include conf/crs/modsecurity_crs_10_setup.conf
    Include conf/crs/optional_rules/modsecurity_crs_16_session_hijacking.conf
</IfModule>

Did you ever find a solution? I have run into this problem myself.
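
A minimal model of the chained rule 981054 quoted in the question, as an added example (not part of the original post and not ModSecurity's own code): it shows that the match depends on the cookie the client sends and on whether a stored SESSION collection already exists for that cookie's value. The function names, `stored_sessions` and the sample requests are constructed for illustration, and case-insensitive cookie-name matching is an assumption of the model.

```python
import re

# Cookie-name pattern copied from rule 981054 above. Compiled case-insensitively
# (assumption of this model) so that PHP's default PHPSESSID name matches.
SESSION_COOKIE_NAME = re.compile(
    r"(j?sessionid|(php)?sessid|(asp|jserv|jw)?session[-_]?(id)?|cf(id|token)|sid)",
    re.IGNORECASE,
)


def parse_cookie_header(header):
    """Split a Cookie request header into (name, value) pairs."""
    pairs = []
    for part in header.split(";"):
        name, sep, value = part.strip().partition("=")
        if sep:
            pairs.append((name, value))
    return pairs


def evaluate_981054(cookie_header, stored_sessions):
    """Return (blocked, session_id) for one request.

    stored_sessions models the SESSION collections already persisted.
    Simplification: only the first matching cookie is evaluated.
    """
    for name, value in parse_cookie_header(cookie_header or ""):
        # First rule of the chain: cookie name matches, any value (".*").
        # The pattern is unanchored, so "sid" inside "sidebar" also matches.
        if not SESSION_COOKIE_NAME.search(name):
            continue
        # setsid:%{matched_var} opens the collection keyed by the cookie value;
        # SESSION:IS_NEW is 1 when no stored collection existed for that key.
        is_new = value not in stored_sessions
        # Second rule of the chain: SESSION:IS_NEW "@eq 1" completes the match.
        return is_new, value
    return False, None  # no session cookie, so the chain never starts


# Constructed sample data (not taken from the page).
STORED = {"known0123456789"}
REQUESTS = [None, "lang=en; PHPSESSID=abc123def456",
            "PHPSESSID=known0123456789", "theme=dark", "sidebar=open"]

if __name__ == "__main__":
    for header in REQUESTS:
        blocked, sid = evaluate_981054(header, STORED)
        print(f"{header!s:34} sid={sid!s:16} {'403' if blocked else 'pass'}")
```

In this model a request without a session cookie always passes, so the first page load succeeds and the 403 appears once the browser returns a PHPSESSID for which nothing has been stored.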