Difference between revisions of "HIDS 30105"
(Created page with "{{Infobox |header1= Rule 30105 |label2 = Status |data2 = Active |label3 = Alert Message |data3 = Attempt to access forbidden file or directory. }} = Description = This rule...") |
m |
||
| Line 17: | Line 17: | ||
This rule is designed to detect when your web server has prevented access to a file or directory. This can occur if the web server is configured to prevent access to this file or directory, or if the permissions on the directory or file do not allow access by the web server. | This rule is designed to detect when your web server has prevented access to a file or directory. This can occur if the web server is configured to prevent access to this file or directory, or if the permissions on the directory or file do not allow access by the web server. | ||
| − | ASL does not control or cause this behavior, it merely reports when this occurs. Therefore, if your web server is denying you access to a file or directory, please contact | + | ASL does not control or cause this behavior, it merely reports when this occurs. Therefore, if your web server is denying you access to a file or directory, please contact your web server vendor for assistance with this issue. |
ASL will not shun, by default, on these events however if you wish to have ASL block on these events please see the Tuning Advice section below. | ASL will not shun, by default, on these events however if you wish to have ASL block on these events please see the Tuning Advice section below. | ||
Latest revision as of 20:43, 13 October 2012
| Rule 30105 | |
|---|---|
| Status | Active |
| Alert Message | Attempt to access forbidden file or directory. |
Contents |
[edit] Description
This rule is triggered when ASL has detected that your web server has forbidden access to a file or directory.
This event is not triggered, caused, configured or managed by ASL.
[edit] Details
This rule is designed to detect when your web server has prevented access to a file or directory. This can occur if the web server is configured to prevent access to this file or directory, or if the permissions on the directory or file do not allow access by the web server.
ASL does not control or cause this behavior, it merely reports when this occurs. Therefore, if your web server is denying you access to a file or directory, please contact your web server vendor for assistance with this issue.
ASL will not shun, by default, on these events however if you wish to have ASL block on these events please see the Tuning Advice section below.
Disabling this rule will not prevent your web server from preventing access to this file or directory. It will simply "silence" the alert in ASL, however your web server will continue to deny access to the file or directory. We do not recommend you disable this rule.
[edit] Troubleshooting
[edit] False Positives
This rule is not caused by ASL. ASL merely reports when your web server blocks access to a file or directory
[edit] Tuning Guidance
If you wish to shun on these alerts, just set Active Response in the ASL rule manager for rule 30105 to "yes".
Disabling this rule will not prevent your web server from denying access to the file or directory. It will simply "silence" the alert in ASL. Your web server will continue to alert and/or block this activity. We do not recommend you disable this rule.
If you do not wish to see this alert, just set it to a lower level that the default in the ASL gui.
If you do not wish to be emailed on this alert, just set the rule to not email.
[edit] Additional Information
[edit] Similar Rules
None.
[edit] Knowledge Base Articles
None.
[edit] Outside References
None.
[edit] Example log messages
[error] [client 1.2.3.4] client denied by server configuration: /home/user/public_html/favicon.ico
