ScallyWhack/Rules/420005

Rule 420005: block no cookie spam, part 2

Purpose

Trac uses cookies to store session and authentication information. While rule 420004 only checks whether the POST request contains any cookie, this rule makes sure the request has one of the cookies that Trac uses.

The rule checks that at least one of the trac_auth, trac_session, trac_auth_session or trac_form_token cookies is present in the request.

Example

--fed7a61f-A--
[27/Apr/2007:20:56:51 +0200] ssXi96wQKoYAABf1-McAAABV XX.XX.XX.XX 47926 217.24.1.134 80
--fed7a61f-B--
POST /ticket/241#preview HTTP/1.1
Host: madwifi.org
Content-Type: application/x-www-form-urlencoded
User-Agent: Opera/9.0 (Windows NT 5.1; U; en)
Pragma: no-cache
Accept: */*
Referer: http://madwifi.org/ticket/241
Expect: 100-continue
Accept-Charset: *
Accept-Encoding: deflate, gzip
TE: deflate, gzip
WAP-Connection: Stack-Type=HTTP
Cookie: $Version=0;Bearer-Type=w-TCP;wtls-security-level=none
Content-Length: 1055

--fed7a61f-C--
comment=%3Ca+href%3D+http%3A%2F%2Fave.domain.tld%2Findex.html+%3Eave.domain.tld%3C%2Fa%3E+%5Burl%3Dhttp%3A%2F%2Fave.domain.tld%2Findex.html%5Dave.domain.tld%5B%2Furl%5D%0D%0A%3Ca+href%3D+http%3A%2F%2Fpio.domain.tld%2Findex.html+%3Epio.domain.tld%3C%2Fa%3E+%5Burl%3Dhttp%3A%2F%2Fpio.domain.tld%2Findex.html%5Dpio.domain.tld%5B%2Furl%5D%0D%0A%3Ca+href%3D+http%3A%2F%2Fugo.domain.tld%2Findex.html+%3Eugo.domain.tld%3C%2Fa%3E+%5Burl%3Dhttp%3A%2F%2Fugo.domain.tld%2Findex.html%5Dugo.domain.tld%5B%2Furl%5D%0D%0A%3Ca+href%3D+http%3A%2F%2Fegle.domain.tld%2Findex.html+%3Eegle.domain.tld%3C%2Fa%3E+%5Burl%3Dhttp%3A%2F%2Fegle.domain.tld%2Findex.html%5Degle.domain.tld%5B%2Furl%5D%0D%0A%3Ca+href%3D+http%3A%2F%2Frosa.domain.tld%2Findex.html+%3Erosa.domain.tld%3C%2Fa%3E+%5Burl%3Dhttp%3A%2F%2Frosa.domain.tld%2Findex.html%5Drosa.domain.tld%5B%2Furl%5D&__FORM_TOKEN=8e52696dedb8b29522cdedb3&author=Dfhccgfh&author=Dfhccgfh&action=leave&ts=1173699229&replyto=&cnum=25&
--fed7a61f-F--
HTTP/1.1 403 Forbidden
Accept-Ranges: bytes
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

--fed7a61f-H--
Message: Access denied with code 403 (phase 1). Match of "rx (trac_(auth|session|auth_session|form_token))" against "REQUEST_COOKIES_NAMES:$Version" required. [id "420005"] [rev "1"] [msg "no Trac cookies present"]
Action: Intercepted (phase 1)
Stopwatch: 1177700211745527 29848 (1465* 1580 -)
Producer: ModSecurity v2.1.0 (Apache 2.x)
Server: Apache/2.2.3 (Debian) DAV/2 SVN/1.4.2 mod_python/3.2.10 Python/2.4.4
WebApp-Info: "trac.madwifi" "-" "-"

--fed7a61f-Z--
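The check can be replayed offline against the logged request. This is an added example, not ScallyWhack's own rule: it parses section B of an audit log entry and applies the pattern from the section H message to the cookie names. The function names and the second, constructed entry are assumptions for illustration.

```python
import re

# Pattern as it appears in the section H message of the audit log entry.
TRAC_COOKIE_RX = re.compile(r"(trac_(auth|session|auth_session|form_token))")
BOUNDARY_RX = re.compile(r"--[0-9a-f]+-([A-Z])--$")

def request_headers(audit_entry):
    """Return (name, value) pairs from section B (request headers)."""
    headers, section, seen_request_line = [], None, False
    for line in audit_entry.splitlines():
        boundary = BOUNDARY_RX.match(line.strip())
        if boundary:
            section = boundary.group(1)
            continue
        if section != "B" or not line.strip():
            continue
        if not seen_request_line:      # first line of B is the request line
            seen_request_line = True
            continue
        name, _, value = line.partition(":")
        headers.append((name.strip().lower(), value.strip()))
    return headers

def cookie_names(audit_entry):
    """Names of all cookies sent with the request, in header order."""
    values = [v for n, v in request_headers(audit_entry) if n == "cookie"]
    pairs = [p for v in values for p in v.split(";")]
    return [p.split("=", 1)[0].strip() for p in pairs if p.strip()]

def has_trac_cookie(audit_entry):
    """True if any cookie name matches; search() is unanchored like rx."""
    return any(TRAC_COOKIE_RX.search(n) for n in cookie_names(audit_entry))

# Section B of the entry above, shortened to the relevant headers.
LOGGED = """--fed7a61f-B--
POST /ticket/241#preview HTTP/1.1
Host: madwifi.org
Cookie: $Version=0;Bearer-Type=w-TCP;wtls-security-level=none
--fed7a61f-C--
comment=..."""

# Constructed entry: the same POST sent with Trac cookies (values made up).
CONSTRUCTED = """--0a1b2c3d-B--
POST /ticket/241#preview HTTP/1.1
Host: madwifi.org
Cookie: trac_session=constructed0123; trac_form_token=constructed4567
--0a1b2c3d-C--
comment=hello"""
```

has_trac_cookie(LOGGED) is False, which is the condition the rule denies with 403; has_trac_cookie(CONSTRUCTED) is True.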

Protected handlers

See rule 420001.

See also

History

rev:1
Initial version.