HIDS 60128
From Atomicorp Wiki
| Rule 60128 | |
|---|---|
| Status | Active |
| Alert Message | Denied an untrusted non system library binary from hooking an application |
Contents |
[edit] Description
This event is not caused by ASL. ASL is just reporting when apache has rejected a request with a "Forbidden" 403 error message.
This rule is triggered when apache blocks a request as forbidden, and sends a 403 error. This is not caused by ASL, or any other rule. This rule just reports when apache has blocked a request.
You should investigate this event as it may be part of a broader attack.
[edit] Troubleshooting
[edit] False Positives
None. This rule just reports when apache has blocked a request. This block is not caused by this rule, any other rule, or ASL. Disabling this rule will not prevent apache from blocking these requests, it will just prevent ASL from reporting that this has happened.
[edit] Additional Information
[edit] Similar Rules
None.
[edit] Knowledge Base Articles
None.
