Difference between revisions of "WAF 340152"
m |
m |
||
(One intermediate revision by one user not shown) | |||
Line 9: | Line 9: | ||
'''Description''' | '''Description''' | ||
− | This is not a triggered rule, but a rule that is triggered | + | This is not a triggered rule, but a rule that is triggered when a multi-part message can not be assembled correctly. Typically this is caused when a multipart/request-data parser or XML parser fails to properly parse a request payload, generally because of either a broken client or client library, or a broken or corrupt request. |
− | This is not a false positive, it seemly means that your application or client | + | This is not a false positive, it seemly means that your application or client is creating multi-part messages that can not be assembled, either by ModSecurity or by the application. Check your applicant or client for the cause of this error and ensure that multipart messages are being sent and generated correctly. |
− | It is not recommended you disable this rule. Doing so will leave your system open to [[impedance mismatch attacks]]. It is possible, for example, that a payload that cannot be parsed by ModSecurity can be successfully parsed by a more tolerant parser operating in the application. Therefore an attack could be | + | It is not recommended you disable this rule. Doing so will leave your system open to [[impedance mismatch attacks]]. It is possible, for example, that a payload that cannot be parsed by ModSecurity can be successfully parsed by a more tolerant parser operating in the application. Therefore an attack could be passed through without detection. |
'''False Positives''' | '''False Positives''' |
Latest revision as of 11:37, 7 May 2012
Rule ID
340152
Alert Message
Request Body Parsing Failed. <ERROR MESSAGE FOR YOUR SYSTEM>: check your application or client for errors, this is not a false positive.
Description
This is not a triggered rule, but a rule that is triggered when a multi-part message can not be assembled correctly. Typically this is caused when a multipart/request-data parser or XML parser fails to properly parse a request payload, generally because of either a broken client or client library, or a broken or corrupt request.
This is not a false positive, it seemly means that your application or client is creating multi-part messages that can not be assembled, either by ModSecurity or by the application. Check your applicant or client for the cause of this error and ensure that multipart messages are being sent and generated correctly.
It is not recommended you disable this rule. Doing so will leave your system open to impedance mismatch attacks. It is possible, for example, that a payload that cannot be parsed by ModSecurity can be successfully parsed by a more tolerant parser operating in the application. Therefore an attack could be passed through without detection.
False Positives
There are no known False Positives for this rule.
Similar Rules
Outside References