WAF 340002

From Atomicorp Wiki
Jump to: navigation, search

Rule ID


Alert Message

Atomicorp.com WAF Rules: TRACE/TRACK method denied


TRACE and TRACK are valid HTTP methods used to do low level debugging of web applications by echoing back input back to the connecting system or user. TRACE and TRACK can be used to steal cookies or other website credentials.

False Positives

If you use this method this rule can be triggered. It is almost never used legitimately and should always be disabled on Internet facing systems or systems that may receive traffic from potentially hostile users or systems.

Similar Rules

WAF_340361 - This rule disables the CONNECT method. Although for a different reason, the rules are very similar.

Outside References


Personal tools