Difference between revisions of "WAF 303800"
m (→False Positives) |
|||
| (One intermediate revision by one user not shown) | |||
| Line 15: | Line 15: | ||
For ASL users, if you enable the option below, ASL will automatically and dynamically whitelist the real google webcrawler from all WAF events: | For ASL users, if you enable the option below, ASL will automatically and dynamically whitelist the real google webcrawler from all WAF events: | ||
| − | https:// | + | https://wiki.atomicorp.com/wiki/index.php/ASL_WAF#WAF_LUA_00_SEARCHENGINE |
= Troubleshooting = | = Troubleshooting = | ||
| Line 21: | Line 21: | ||
== False Positives == | == False Positives == | ||
| − | There are no known false positives with this rule. Please do not report this as a false positive if you are using a proxy, CDN or other similar service and your web server is not setup per this article: https://www.atomicorp.com/wiki/index.php/Proxy | + | There are no known false positives with this rule. '''Please do not report this as a false positive if you are using a proxy, CDN or other similar service and your web server is not setup per this article''': https://www.atomicorp.com/wiki/index.php/Proxy |
If you have confirmed your webserver is setup correctly, per the article above, and you have performed the troubleshooting in that article, and still believe this is a false positive, please report this following the process at the link below: | If you have confirmed your webserver is setup correctly, per the article above, and you have performed the troubleshooting in that article, and still believe this is a false positive, please report this following the process at the link below: | ||
Latest revision as of 13:45, 24 August 2020
| Rule 303800 | |
|---|---|
| Status | Active |
| Alert Message | Atomicorp.com WAF Rules: Fake Googlebot webcrawler |
Contents |
[edit] Description
This exclusive capability in the Atomicorp ruleset can detect when a client pretends to be the google webcrawler. This helps to detect and block potential zero day and other supsicious behavior. Attacks have been know to impersonate webcrawlers to trick naive applications that blinding trust webcrawlers. They use this method to gain access that would otherwise be blocked to non-crawlers.
This will not block the real google webcrawler. We do not recommend you disable this rule.
For ASL users, if you enable the option below, ASL will automatically and dynamically whitelist the real google webcrawler from all WAF events:
https://wiki.atomicorp.com/wiki/index.php/ASL_WAF#WAF_LUA_00_SEARCHENGINE
[edit] Troubleshooting
[edit] False Positives
There are no known false positives with this rule. Please do not report this as a false positive if you are using a proxy, CDN or other similar service and your web server is not setup per this article: https://www.atomicorp.com/wiki/index.php/Proxy
If you have confirmed your webserver is setup correctly, per the article above, and you have performed the troubleshooting in that article, and still believe this is a false positive, please report this following the process at the link below:
https://www.atomicorp.com/wiki/index.php/Reporting_False_Positives
And be sure to also include the troubleshooting steps you took to ensure your proxy and/or CDN is setup correctly to use these rules. If you are unable to do this troubleshooting yourself, please let us know and we would be happy to have our professional services team put a quote together for you and take care of this for you.
[edit] Tuning Guidance
Please see the Tuning the Atomicorp WAF Rules page for more information if you wish to disable or modify this rule.
[edit] Additional Information
[edit] Similar Rules
None.
[edit] Knowledge Base Articles
None.
[edit] Outside References
None.
