Hello, in Czech republic, Seznam.cz is the biggest search engine beside Google.
I see it was blocked by the Comodo Mod Security rule with severity “CRITICAL”. As a noob, i do not see any critical danger out of this robot visit. And also see no problem with SessionID being visited directly. Some CMS is “wrongly” programmed to show session ID and when someone copy the address bar URL with session ID and publish it somewhere, then innocent visitors will be blocked?
--fbfe0225-A-- [07/Sep/2017:09:58:52 +0000] WbEYXJteQx0AAGjlsIkAAAAW 77.75.77.95 28206 1.2.3.4 80 --fbfe0225-B-- GET /forum/index.php?PHPSESSID=02d4b5571c0423ad0cd907aaebe712b0&action=help;area=board_index HTTP/1.1 Host: www.mydomainhere.com Accept: */* Accept-Language: cs User-Agent: Mozilla/5.0 (compatible; SeznamBot/3.2; +http://napoveda.seznam.cz/en/seznambot-intro/) Accept-Encoding: gzip, deflate If-Modified-Since: Sat, 19 Aug 2017 05:48:33 GMT Connection: keep-alive–fbfe0225-F–
HTTP/1.1 403 Forbidden
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 119
Keep-Alive: timeout=8, max=170
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1–fbfe0225-E–
–fbfe0225-H–
Message: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_HEADERS. [file “/usr/local/apache/conf/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf”] [line “47”] [id “211180”] [rev “2”] [msg “COMODO WAF: Session Fixation: SessionID Parameter Name with No Referer||www.mydomainhere.com|F|2”] [data “Matched Data: phpsessid found within REQUEST_HEADERS: 0”] [severity “CRITICAL”] [tag “CWAF”] [tag “Generic”]
Action: Intercepted (phase 2)
Apache-Handler: application/x-httpd-php5
Stopwatch: 1504778332555468 35457 (- - -)
Stopwatch2: 1504778332555468 35457; combined=983, p1=650, p2=177, p3=0, p4=0, p5=117, sr=75, sw=39, l=0, gc=0
Response-Body-Transformed: Dechunked
Producer: ModSecurity for Apache/2.9.0 (http://www.modsecurity.org/); CWAF_Apache.
Server: Apache
Engine-Mode: “ENABLED”–fbfe0225-Z-- :P0l