Active rule currently published.
Atomicorp.com WAF Rules: Unauthorized Proxy access attempt
This rule detects any attempt to use the web server as a proxy. For example, if a client attempts to send a request similar to this:
POST http://www.example.com:25/ HTTP/1.0
This is an attempt to use the webserver to contect to an SMTP server. This method (and others) are used by hackers and spammers to carry out attacks and spamming activities through "marks" or systems that are vulnerable to proxying. This deflects the blame for the attack and spamming onto the system that is acting as a proxy.
This rule prevents unauthorized proxy attempts.
There are no known false positives for this rule. If this rule is being triggered, a client is attempting to proxy a connection through the server.
If you know that this behavior is acceptable for your application, you can tune it by following the Tuning the Atomicorp WAF Rules guidance.
Knowledge Base Articles