Difference between revisions of "WAF 330790"
m |
m |
||
(4 intermediate revisions by one user not shown) | |||
Line 13: | Line 13: | ||
'''Description''' | '''Description''' | ||
− | This rule reports when apache reports a critical error | + | '''This event is not caused by the rules, ASL or modsecurity.''' This rule simply reports when apache reports a critical error with a request, such as an Invalid URI. This rule does not cause this error, therefore disabling this rule will not prevent apache from rejecting these requests, nor will it prevent apache from reporting these errors. This is just a reporting rule that reports when apache has rejected the request. The rule does not cause this event, it simply reports it. |
− | + | '''How the rule works''' | |
− | This rule exists to log this event for other parts of [[ASL]] to use to respond to this event, should it be at attack. | + | The rule looks for errors from apache. When it sees a critical error, it will report that apache has sent an error message to the client. Sometimes this may indicate a special type of attack has occured, or it could just be an invalid requests to the system. This rule runs at phase 5, which is a "post" phase. "Post" phases occur after apache has taken whatever actions it may take (including serving the content, or rejecting a request for it). In most cases when you see this rule triggered, it means that apache has rejected the request as invalid to the client. A 400 Bad Request error is the most common, but other errors are also possible. |
+ | |||
+ | This rule exists to log this event for other parts of [[ASL]] to use to respond to this event, should it be at attack. Disabling this rule will not prevent these errors, as the rule does not cause them. It simply reports that apache has generated an error. | ||
'''False Positives''' | '''False Positives''' | ||
− | False positives with this rule are not possible. The rule does not cause this event, nor will disabling it prevent apache from generating these errors. If this occurs, it means apache, and not mod_security, has generating an error with the request. You will want to discuss the actual apache error with your client, application developer, integrator and/or apache vendor. This is not a mod_security or [[ASL]] caused event. | + | False positives with this rule are not possible. The rule does not cause this event, nor will disabling it prevent apache from generating these errors. '''If this occurs, it means apache, and not mod_security, has generating an error with the request.''' You will want to discuss the actual apache error with your client, application developer, integrator and/or apache vendor. This is not a mod_security or [[ASL]] caused event. |
'''Tuning Guidance''' | '''Tuning Guidance''' |
Latest revision as of 11:44, 7 June 2012
Rule ID
330790
Status
Active rule currently published.
Alert Message
Apache Error: Invalid URI in Request
Description
This event is not caused by the rules, ASL or modsecurity. This rule simply reports when apache reports a critical error with a request, such as an Invalid URI. This rule does not cause this error, therefore disabling this rule will not prevent apache from rejecting these requests, nor will it prevent apache from reporting these errors. This is just a reporting rule that reports when apache has rejected the request. The rule does not cause this event, it simply reports it.
How the rule works
The rule looks for errors from apache. When it sees a critical error, it will report that apache has sent an error message to the client. Sometimes this may indicate a special type of attack has occured, or it could just be an invalid requests to the system. This rule runs at phase 5, which is a "post" phase. "Post" phases occur after apache has taken whatever actions it may take (including serving the content, or rejecting a request for it). In most cases when you see this rule triggered, it means that apache has rejected the request as invalid to the client. A 400 Bad Request error is the most common, but other errors are also possible.
This rule exists to log this event for other parts of ASL to use to respond to this event, should it be at attack. Disabling this rule will not prevent these errors, as the rule does not cause them. It simply reports that apache has generated an error.
False Positives
False positives with this rule are not possible. The rule does not cause this event, nor will disabling it prevent apache from generating these errors. If this occurs, it means apache, and not mod_security, has generating an error with the request. You will want to discuss the actual apache error with your client, application developer, integrator and/or apache vendor. This is not a mod_security or ASL caused event.
Tuning Guidance
None.
Similar Rules
None.
Knowledge Base Articles
None.
Outside References
None.