Showing 3 results for: 2008 ×ModSecurity Rules ×

Fixing Both Missing HTTPOnly and Secure Cookie Flags

In a previous post I showed how you can use both ModSecurity and Apache together to identify/modify SessionIDs that are missing the HTTPOnly flag. I received some feedback where people were asking how to accomplish the same thing but for...

Three ModSecurity Rule Language Annoyances

There are three aspects of the ModSecurity Rule Language we are not very happy with. One comes from a wrong design decision (my own), with further two from constraints of working within the framework of Apache. All three break the...

Set-based Pattern Matching Example

Large Wordlist Example You will find the greatest benefit of using the set based matching opertors when you have a requirement to look for an extremely large word list in the variable data. A perfect example of this is if...