|Alert Message||Atomicorp.com WAF Rules: Possible compromised website detected and 404 sent to user|
Note: By default this rule, when used with ASL, does not block the users IP address or any future connections. It alerts, and sends the user a 404 error.
This rule detects when a webpage may have been compromised or replaced with a malicious copy. This rule will prevent the webpage from being shown to the user, and will send them a 404.
If you do not want to be alerted to these cases, simply disable the rule.
If you wish to block these connections, just set this rule to Active Response in the ASL rule manager. We do not recommend you block on this type of event, as this may also block innocent users.
 False Positives
 Tuning Guidance
If you know that this behavior is acceptable for your application, you can either disable the rule for the server, or you can disable it for the application. Because this type of request is to the systems IP address, you can not disable this type of rule for a domain, as these types of requests are to the systems IP.
Please see the Tuning the Atomicorp WAF Rules page for basic information.
 Additional Information
 Similar Rules
 Knowledge Base Articles
 Outside References