WAF 390709
Status: Active | |
---|---|
Alert Message: Atomicorp.com WAF Rules: Attempt to access protected file remotely |
Contents |
Description
This rule detects when a protected file is accessed remotely. This rule specifically protects sensitive OS and application configuration files, such as webserver configuration files, operating system configuration files, password files, and command history files.
Troubleshooting
False Positives
A false positive can occur when an application legitimately requires access to these files. The rules contain a large library of known web applications and safe methods for access these highly sensitive files, and can detect known safe methods and ignore them. However it is possible for a new or custom application to do this in an unknown manner and incorrectly trigger this rule.
It is not recommended that you disable this rule if you have a false positive. If you believe this is a false positive, please report this to our security team to determine if this is a legitimate case, or if its clever attack on your system. Instructions to report false positives are detailed on the Reporting False Positives wiki page. If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Tuning Guidance
If you know that this behavior is acceptable for your application, you can either disable the rule for the domain, or you can disable it for the application. Please see the Tuning the Atomicorp WAF Rules page for basic information.
Additional Information
Similar Rules
Knowledge Base Articles
None.
Outside References
None.
Notes
None.