Hi,
I would like to know how easy it would be to change the name of the user cookie?
The reason being we have recently deployed a WAF in front of our mailman web instances and although its in detection mode (not prevention yet) it is picking up the mailman user cookie as containing SQL Injection or rather a SQL Comment.
The WAF uses OWASP 3.0 rules and the rule matched is 942440.
Mailman sets a cookie name in the form list+user+email--at--domain and its that “--at” that is detected as SQL Comment; I really don’t want to disable the rule and applying an ignore rule within the WAF doesn’t work.
If someone could let me know, yes its possible that would be great. Actually if someone could say look at this file and that file that would be a great help too.
I don’t know python, but I am a web developer (.Net).
Many thanks
Chris