Difference between revisions of "WAF 340001"
From Atomicorp Wiki
Line 11: | Line 11: | ||
modsecurity, the WAF used, does not support Transfer Encoding, therefore it can not see or evaluate any traffic encoded in this manner. If an attack were to be encoded in this way the WAF would not catch it, therefore the WAF is configured to block this traffic. | modsecurity, the WAF used, does not support Transfer Encoding, therefore it can not see or evaluate any traffic encoded in this manner. If an attack were to be encoded in this way the WAF would not catch it, therefore the WAF is configured to block this traffic. | ||
− | '''False Positives | + | '''False Positives''' |
None. This does not have any known false positives. If it triggers it means Transfer Encoding is being used. If you allow Transfer Encoding by disabling this rule you will open your system up to attacks that ASL can not detect or prevent. | None. This does not have any known false positives. If it triggers it means Transfer Encoding is being used. If you allow Transfer Encoding by disabling this rule you will open your system up to attacks that ASL can not detect or prevent. |
Revision as of 17:15, 25 November 2009
Rule ID
340001
Alert Message
Atomicorp.com WAF Rules: Dis-allowed Transfer Encoding - modsecurity does not support this encoding and can not detect attacks using it, therefore it is blocked.
Description
modsecurity, the WAF used, does not support Transfer Encoding, therefore it can not see or evaluate any traffic encoded in this manner. If an attack were to be encoded in this way the WAF would not catch it, therefore the WAF is configured to block this traffic.
False Positives
None. This does not have any known false positives. If it triggers it means Transfer Encoding is being used. If you allow Transfer Encoding by disabling this rule you will open your system up to attacks that ASL can not detect or prevent.
Similar Rules