ScallyWhack/Rules/420004

Rule 420004: block no cookie spam, part 1

Purpose

Trac uses cookies to store session and authentication information. Since Trac 0.10.1, cookies are required in order to submit content in a POST request.

Blocking cookie-less POST requests even for older versions makes ScallyWhack more restrictive than those older Trac versions are on their own. On the other hand, the authors of Trac started to require cookie support in order to harden Trac against cross-site request forgery, so this rule "backports" that kind of protection to older versions of Trac.

In addition, it is a good way to sort out spam bots: a bot that submits forms without ever accepting the session cookie fails this check before its content is even parsed.

Example

--04019903-A--
[24/Apr/2007:19:46:48 +0200] XrG5h6wQKoYAADJLs3oAAAAX XX.XX.XX.XX 3060 217.24.1.134 80
--04019903-B--
POST /ticket/24#preview HTTP/1.0
Host: madwifi.org
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Content-Type: application/x-www-form-urlencoded
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/msword, */*
Connection: Close
Referer: http://madwifi.org/ticket/24#preview
Content-Length: 954

--04019903-C--
author=ffugmihezi&comment=%3Ca+href%3Dhttp%3A%2F%2Fwww.domain.tld%2Fsexymaturewomen%3Esexy+mature+women%3C%2Fa%3E+sexy+mature+women+http%3A%2F%2Fwww.domain.tld%2Fsexymaturewomen+sexy+mature+women+%0D%0A%3Ca+href%3Dhttp%3A%2F%2Fwww.domain.tld%2Ffreehairypussy%3Efree+hairy+pussy%3C%2Fa%3E+free+hairy+pussy+http%3A%2F%2Fwww.domain.tld%2Ffreehairypussy+free+hairy+pussy+%0D%0A%3Ca+href%3Dhttp%3A%2F%2Fwww.domain.tld%2Fmemberdateien%2Fmembers%2Fnakedblackwome%3Enaked+black+women%3C%2Fa%3E+naked+black+women+http%3A%2F%2Fwww.domain.tld%2Fmemberdateien%2Fmembers%2Fnakedblackwome+naked+black+women+%0D%0A%3Ca+href%3Dhttp%3A%2F%2Fwww.domain.tld%3Ebig+booty+black+girls%3C%2Fa%3E+big+booty+black+girls+http%3A%2F%2Fwww.domain.tld+big+booty+black+girls+%0D%0A%3Ca+href%3Dhttp%3A%2F%2Fwww.domain.tld%3Ehot+wet+pussy%3C%2Fa%3E+hot+wet+pussy+http%3A%2F%2Fwww.domain.tld+hot+wet+pussy&action=leave&ts=1148051038&preview=
--04019903-F--
HTTP/1.1 403 Forbidden
Accept-Ranges: bytes
Connection: close
Content-Type: text/html; charset=UTF-8

--04019903-H--
Message: Access denied with code 403 (phase 1). Operator EQ match: 0. [id "420004"] [rev "1"] [msg "client has cookies disabled"]
Action: Intercepted (phase 1)
Stopwatch: 1177436808132999 349276 (336259* 336415 -)
Producer: ModSecurity v2.1.0 (Apache 2.x)
Server: Apache/2.2.3 (Debian) DAV/2 SVN/1.4.2 mod_python/3.2.10 Python/2.4.4
WebApp-Info: "trac.madwifi" "-" "-"

--04019903-Z--
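The decision the rule makes can be modelled in a few lines. The block below is an added illustration written for this page, not the ScallyWhack rule text; it evaluates a raw request head the way the audit log's -B- section shows it (request line, headers, blank line) and refuses a POST to a protected handler that carries no Cookie header. The handler prefixes are an assumption, since the page defers the real list to rule 420001, and the sample requests are constructed from the log above.

```python
from typing import Dict, Optional, Tuple

RULE_ID = "420004"
RULE_REV = "1"
RULE_MSG = "client has cookies disabled"

# Assumed protected handler prefixes; rule 420001 holds the real list.
PROTECTED_HANDLERS = ("/ticket/", "/newticket", "/wiki/", "/login")


def parse_request(raw: str) -> Tuple[str, str, Dict[str, str]]:
    """Split a raw HTTP request head into method, target and a header map.

    Header names are lower-cased so the Cookie check is case-insensitive,
    as HTTP header names are.
    """
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0]
    lines = head.split("\n")
    method, target, _version = lines[0].split(" ", 2)
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        if ":" not in line:
            continue
        name, value = line.split(":", 1)
        headers[name.strip().lower()] = value.strip()
    return method, target, headers


def evaluate_rule_420004(raw: str) -> Optional[str]:
    """Return the denial message in the audit log's format, or None if the request passes."""
    method, target, headers = parse_request(raw)
    if method != "POST":
        return None
    path = target.split("#", 1)[0].split("?", 1)[0]
    if not path.startswith(PROTECTED_HANDLERS):
        return None
    # A client that accepted Trac's session cookie sends it back on the POST;
    # a cookie-less form submission is refused (the log shows the Cookie
    # header count compared against 0, hence "Operator EQ match: 0").
    if "cookie" in headers:
        return None
    return (f'Access denied with code 403 (phase 1). Operator EQ match: 0. '
            f'[id "{RULE_ID}"] [rev "{RULE_REV}"] [msg "{RULE_MSG}"]')


# Constructed sample modelled on the spam POST in the audit log above (body omitted).
SPAM_POST = (
    "POST /ticket/24#preview HTTP/1.0\n"
    "Host: madwifi.org\n"
    "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)\n"
    "Content-Type: application/x-www-form-urlencoded\n"
    "Content-Length: 954\n\n"
)
# Same request from a browser that kept Trac's session cookie (constructed value).
LEGIT_POST = SPAM_POST.rstrip("\n") + "\nCookie: trac_session=0123456789abcdef\n\n"
```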

Protected handlers

See rule 420001.

See also

History

rev:1
Initial version.