Update: [Tue Feb 4 00:25:09 UTC 2025]

2025-12-29 16:15:12 +00:00 · 2025-02-04 00:25:09 +00:00
parent 339a5e0350
commit 71e69a3a26
24 changed files with 2512 additions and 2512 deletions
--- a/waf_patterns/apache/fixation.conf
+++ b/waf_patterns/apache/fixation.conf
@@ -1,9 +1,9 @@
 # Apache ModSecurity rules for FIXATION
 SecRuleEngine On

-SecRule REQUEST_URI "\^\(\?:ht\|f\)tps\?://\(\.\*\?\)/" "id:1047,phase:1,deny,status:403,log,msg:'fixation attack detected'"
-SecRule REQUEST_URI "!@endsWith\ %\{request_headers\.host\}" "id:1048,phase:1,deny,status:403,log,msg:'fixation attack detected'"
-SecRule REQUEST_URI "\(\?i:\.cookieb\.\*\?;W\*\?\(\?:expires\|domain\)W\*\?=\|bhttp\-equivW\+set\-cookieb\)" "id:1045,phase:1,deny,status:403,log,msg:'fixation attack detected'"
-SecRule REQUEST_URI "@eq\ 0" "id:1050,phase:1,deny,status:403,log,msg:'fixation attack detected'"
-SecRule REQUEST_URI "\^\(\?:jsessionid\|aspsessionid\|asp\.net_sessionid\|phpsession\|phpsessid\|weblogicsession\|session_id\|session\-id\|cfid\|cftoken\|cfsid\|jservsession\|jwsession\)\$" "id:1046,phase:1,deny,status:403,log,msg:'fixation attack detected'"
-SecRule REQUEST_URI "\^\(\?:jsessionid\|aspsessionid\|asp\.net_sessionid\|phpsession\|phpsessid\|weblogicsession\|session_id\|session\-id\|cfid\|cftoken\|cfsid\|jservsession\|jwsession\)\$" "id:1049,phase:1,deny,status:403,log,msg:'fixation attack detected'"
+SecRule REQUEST_URI "\(\?i:\.cookieb\.\*\?;W\*\?\(\?:expires\|domain\)W\*\?=\|bhttp\-equivW\+set\-cookieb\)" "id:1285,phase:1,deny,status:403,log,msg:'fixation attack detected'"
+SecRule REQUEST_URI "!@endsWith\ %\{request_headers\.host\}" "id:1288,phase:1,deny,status:403,log,msg:'fixation attack detected'"
+SecRule REQUEST_URI "\^\(\?:jsessionid\|aspsessionid\|asp\.net_sessionid\|phpsession\|phpsessid\|weblogicsession\|session_id\|session\-id\|cfid\|cftoken\|cfsid\|jservsession\|jwsession\)\$" "id:1286,phase:1,deny,status:403,log,msg:'fixation attack detected'"
+SecRule REQUEST_URI "\^\(\?:jsessionid\|aspsessionid\|asp\.net_sessionid\|phpsession\|phpsessid\|weblogicsession\|session_id\|session\-id\|cfid\|cftoken\|cfsid\|jservsession\|jwsession\)\$" "id:1289,phase:1,deny,status:403,log,msg:'fixation attack detected'"
+SecRule REQUEST_URI "@eq\ 0" "id:1290,phase:1,deny,status:403,log,msg:'fixation attack detected'"
+SecRule REQUEST_URI "\^\(\?:ht\|f\)tps\?://\(\.\*\?\)/" "id:1287,phase:1,deny,status:403,log,msg:'fixation attack detected'"