Blogs & Stories

SpiderLabs Blog

Attracting more than a half-million annual readers, this is the security community's go-to destination for technical breakdowns of the latest threats, critical vulnerability disclosures and cutting-edge research.

Cookie parsing added

Now you can analyse cookies using new selective filtering variables (COOKIE_name, COOKIE_NAMES, COOKIE_VALUES). Even before this change it was possible to look at cookies (as cookies are just HTTP headers) but the functionality was limited. ModSecurity now parses cookies for you.

Let's say you wanted to prevent XSS attacks via the PHP session cookie; this filter would make sure the cookie is in order:

SecFilterSelective COOKIE_PHPSESSID "^[0-9a-z]+$"

COOKIE_NAMES and COOKIE_VALUES will examine all cookie names and values, respectively.