Description: Creates, removes, and updates environment variables that can be accessed by Apache.


Action Group: Non-disruptive


Version: 2.x


Supported on libModSecurity: TBI


Example:


SecRule RESPONSE_HEADERS:/Set-Cookie2?/ "(?i:(j?sessionid|(php)?sessid|(asp|jserv|jw)?session[-_]?(id)?|cf(id|token)|sid))" "phase:3,t:none,pass,id:139,nolog,setvar:tx.sessionid=%{matched_var}"

SecRule TX:SESSIONID "!(?i:\;? ?httponly;?)" "phase:3,id:140,t:none,setenv:httponly_cookie=%{matched_var},pass,log,auditlog,msg:'AppDefect: Missing HttpOnly Cookie Flag.'"


Header set Set-Cookie "%{httponly_cookie}e; HTTPOnly" env=httponly_cookie

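Note: When used in a chain, this action is executed when the individual rule that contains it matches, not when the entire chain matches.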
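
The chain behaviour described in the note, as an added example that is not part of the original reference page. The rule IDs, variable names, the /admin path, the 192.0.2.0/24 range and the log file name are constructed placeholders.

```apache
# Constructed example: IDs, variable names, path, address range and
# log file name are placeholders, not values from the reference manual.

# Case 1: setenv on the chain starter.
# admin_path is set as soon as REQUEST_URI matches, even when the
# chained REMOTE_ADDR rule does not match and the chain as a whole fails.
SecRule REQUEST_URI "@beginsWith /admin" \
    "id:900100,phase:1,t:none,pass,nolog,chain,setenv:admin_path=1"
    SecRule REMOTE_ADDR "!@ipMatch 192.0.2.0/24"

# Case 2: setenv on the last rule of the chain.
# The last rule is only evaluated after every earlier rule has matched,
# so admin_external is set only when the whole chain matches.
SecRule REQUEST_URI "@beginsWith /admin" \
    "id:900110,phase:1,t:none,pass,log,msg:'Admin path requested from outside management range',chain"
    SecRule REMOTE_ADDR "!@ipMatch 192.0.2.0/24" \
        "t:none,setenv:admin_external=1"

# Apache reads the variable like any other environment variable,
# here to write matching requests to a separate access log.
CustomLog logs/admin_external.log combined env=admin_external
```

If the variable drives an Apache decision such as logging or a header rewrite, placing setenv on the final rule of the chain keeps it from being set by a partial match.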


