Difference between revisions of "WAF 300034"
(Created page with "'''Rule ID''' 300034 '''Status''' Active rule currently published. '''Alert Message''' Atomicorp.com WAF Rules: Possible Spam or Malware: URL to temporary directory '''D...") |
Latest revision as of 13:14, 27 June 2011
Rule ID
300034
Status
Active rule currently published.
Alert Message
Atomicorp.com WAF Rules: Possible Spam or Malware: URL to temporary directory
Description
This rule detects posts that contain links to temporary directories commonly used by CMS systems, blogs and other content management systems. These systems do not generally link to objects in these directories, however attackers and spammers will often hide objects, malware, spamming tools and graphics in these directories. This rule specific looks for content in directories such as:
/wp-content/uploads/ /wp-content/uploads| /wp-content/themes /wp-content/gallery /blogs/templates
False Positives
A false positive can occur when an application legitimately uses these directories. The rules contain a large library of known web applications that use these directories, and can detect these conditions and will allow them. However it is possible for a new or custom application to do this in an unknown manner and incorrectly trigger this rule.
It is not recommended that you disable this rule if you have a false positive. If you believe this is a false positive, please report this to our security team to determine if this is a legitimate case, or if its clever attack on your system. Instructions to report false positives are detailed on the Reporting False Positives wiki page. If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Tuning Guidance
Please see the Tuning the Atomicorp WAF Rules page for basic tuning guidance.
Similar Rules
Knowledge Base Articles
None.
Outside References
None.