WAF 330700
Latest revision as of 11:08, 29 October 2010
Rule ID
330700
Status
Active rule currently published.
Alert Message
Atomicorp.com WAF Rules: Invalid HTTP Request Line
Description
This rule is triggered if a client sends a completely invalid request line. Request lines are defined in RFC 2616.
This is an example request line that would be invalid per the RFC:
GET ????????????foo/bar HTTP/1.1
The path in a request line must start with a slash (/), so this request is invalid per the RFC.
This technique may be used by attackers to attempt to evade web application firewalls and application security logic to compromise a system.
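The check described above can be sketched as a small validator. This is an added example, not the Atomicorp rule's own logic; it goes slightly beyond the slash check by accepting the other Request-URI forms RFC 2616 allows ("*", an absolute URI, and the authority form used with CONNECT). The function name and the sample lines are assumptions constructed for illustration.

```python
import re

# RFC 2616 section 5.1: Request-Line = Method SP Request-URI SP HTTP-Version CRLF
REQUEST_LINE = re.compile(
    r"^([!#$%&'*+.^_`|~0-9A-Za-z-]+) (\S+) HTTP/\d+\.\d+$")
ABSOLUTE_URI = re.compile(r"^[A-Za-z][A-Za-z0-9+.-]*://[^/\s]+")
AUTHORITY = re.compile(r"^[A-Za-z0-9.-]+:\d+$")


def check_request_line(line):
    """Return (ok, reason) for one request line with the CRLF already stripped."""
    m = REQUEST_LINE.match(line)
    if not m:
        return False, "not 'Method SP Request-URI SP HTTP-Version'"
    method, uri = m.groups()
    if any(not 0x21 <= ord(c) <= 0x7E for c in uri):
        return False, "Request-URI has bytes outside printable ASCII"
    # RFC 2616 section 5.1.2: Request-URI = "*" | absoluteURI | abs_path | authority
    if uri == "*" or uri.startswith("/") or ABSOLUTE_URI.match(uri):
        return True, "ok"
    if AUTHORITY.match(uri):
        if method == "CONNECT":
            return True, "ok"
        return False, "authority form is only valid with CONNECT"
    return False, "Request-URI is not '*', an absolute URI or a '/' path"


# Constructed sample input; the first line is the example from this page.
SAMPLES = [
    "GET ????????????foo/bar HTTP/1.1",
    "GET /foo/bar HTTP/1.1",
    "OPTIONS * HTTP/1.1",
    "GET http://example.com/foo HTTP/1.1",
    "CONNECT example.com:443 HTTP/1.1",
    "GET example.com:443 HTTP/1.1",
    "GET  /foo/bar HTTP/1.1",   # two spaces between method and URI
]

if __name__ == "__main__":
    for sample in SAMPLES:
        ok, reason = check_request_line(sample)
        print(f"{'PASS ' if ok else 'BLOCK'} {sample!r}: {reason}")
```

Running a check like this over access logs before disabling the rule shows which clients actually send malformed request lines and how often.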
False Positives
False positives can occur if a web client sends invalid requests or if an application is designed to work in a manner that is not RFC-compliant. The latter is not known to occur, as web browsers will generally not accept grossly invalid requests.
If you believe this is a false positive, please report this to our security team to determine if this is a legitimate case, or if it is a clever attack on your system. Instructions to report false positives are detailed on the Reporting False Positives wiki page.
Tuning Recommendations
If you know that this behaviour is acceptable for your application, you can tune it by disabling this rule for the application or virtual host.
If you wish to tune this rule yourself, please see the Tuning the Atomicorp WAF Rules page for basic information.
Similar Rules
None.
Knowledge Base Articles
None.
Outside References
http://www.w3.org/Protocols/rfc2616/rfc2616-sec3.html#sec3.2.1