WAF 392149

From Atomicorp Wiki
Jump to: navigation, search
Rule 392149
Status Active
Alert Message Atomicorp.com WAF Rules: Possible compromised website detected and 404 sent to user


[edit] Description

Note: By default this rule, when used with ASL, does not block the users IP address or any future connections. It alerts, and sends the user a 404 error.

This rule detects when a webpage may have been compromised or replaced with a malicious copy. This rule will prevent the webpage from being shown to the user, and will send them a 404.

If you do not want to be alerted to these cases, simply disable the rule.

If you wish to block these connections, just set this rule to Active Response in the ASL rule manager. We do not recommend you block on this type of event, as this may also block innocent users.

[edit] Troubleshooting

[edit] False Positives


[edit] Tuning Guidance

If you know that this behavior is acceptable for your application, you can either disable the rule for the server, or you can disable it for the application. Because this type of request is to the systems IP address, you can not disable this type of rule for a domain, as these types of requests are to the systems IP.

Please see the Tuning the Atomicorp WAF Rules page for basic information.

[edit] Additional Information

[edit] Similar Rules


[edit] Knowledge Base Articles


[edit] Outside References


[edit] Notes


Personal tools