9 May 12:14
Re: Forcing clients to enable cookies?
From: Stefan Müller-Wilken <stefan.mueller-wilken <at> resco.de>
Subject: Re: Forcing clients to enable cookies?
Newsgroups: gmane.comp.apache.mod-security.user
Date: 2008-05-09 10:14:26 GMT
Thanks, Mike, for the prompt answer.

> Well, in ScallyWhack I have some rules to block POST requests from clients
> that have either no or not the right cookies set (see [1]); this has
> proven as a good way to block spam bots from Trac-driven sites. So yes,
> basically it is possible to use mod-security for this purpose.

But aren't things a little different here? You restrict your blocking rules to POST requests, thus giving the browser a chance to pick up a cookie before forcing out requests without cookies. In my case I can't do that because I don't know if applications use POSTs at all. I have to act on any kind of HTTP request.

What I think I need is a way to set cookies on requests (okay, easy) and then somehow identify subsequent requests to check if the cookie is still there and act accordingly. And I don't know how to identify those subsequent requests...

Cheers
Stefan.

Resco GmbH
Managing Director: Michael Mörchen
Hamburg District Court, HRB 76048
VAT ID: DE208833022
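One way to recognise "subsequent requests" on any HTTP method, as an added example that is not part of the original message or of ScallyWhack: keep a persistent ModSecurity collection per client and remember that a cookie was already offered. Assumed here: ModSecurity 2.x with `SecDataDir` configured, mod_headers loaded, the client IP as the linking key, and a hypothetical cookie name (`msprobe`), rule ids and 300-second window.

```apache
# Added example; cookie name, rule ids and the 300 s window are hypothetical.

# Open (or create) the persistent record for this client IP on every request.
SecAction "phase:1,id:900100,nolog,pass,initcol:ip=%{REMOTE_ADDR}"

# Cookie came back: the client accepts cookies, skip the remaining gate rules.
SecRule &REQUEST_COOKIES:msprobe "@gt 0" \
    "phase:1,id:900101,nolog,pass,skipAfter:END_COOKIE_GATE"

# No cookie, but this IP was offered one inside the window: this is a
# "subsequent request" from a client that did not keep the cookie.
SecRule IP:COOKIE_OFFERED "@eq 1" \
    "phase:1,id:900102,log,deny,status:403,msg:'Cookie offered but not returned'"

# No cookie and no record: first contact. Record the offer, let the request
# through, and flag the response so mod_headers attaches the cookie.
SecAction "phase:1,id:900103,nolog,pass,\
setvar:ip.cookie_offered=1,expirevar:ip.cookie_offered=300,\
setenv:offer_cookie=1"

SecMarker END_COOKIE_GATE

# 'add' rather than 'set' so the application's own Set-Cookie headers survive.
Header always add Set-Cookie "msprobe=1; Path=/; HttpOnly" env=offer_cookie
```

Clients that share one address (NAT, outbound proxies) share the record, so a second client's first request inside the window is denied; a narrower key would be needed where that matters.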