Difference between revisions of "WAF 300001"
m (Created page with "'''Rule ID''' 300001 '''Status''' Active rule currently published. '''Alert Message''' Atomicorp.com WAF Rules: Blacklist Spam Domain '''Description''' This rule dete...") |
Revision as of 00:02, 26 July 2011
Rule ID
300001
Status
Active rule currently published.
Alert Message
Atomicorp.com WAF Rules: Blacklist Spam Domain
Description
This rule detects if a domain is on the spam blacklist. These are domains that have been used to spam either honeypots operated by Atomicorp or other trusted sources.
This rules work by detecting the use of a the domain in an argument.
False Positives
A false positive can occur when a domain is not bounded, due to the parallel matching technique used to do the blocklist searches, or if a domain has previously been used to spam and is no longer engaging in this activity.
It is not recommended that you disable this rule if you have a false positive. If you believe this is a false positive, please report this to our security team to determine if this is a legitimate case, or if its clever attack on your system. Instructions to report false positives are detailed on the Reporting False Positives wiki page. If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Tuning Guidance
If you know that this behavior is acceptable for your application, please see the Tuning the Atomicorp WAF Rules page for basic information.
Similar Rules
Knowledge Base Articles
https://www.atomicorp.com/wiki/index.php/ASL_FAQ#How_are_spam_domains_added.3F
https://www.atomicorp.com/wiki/index.php/ASL_FAQ#How_are_spam_domains_aged_out.3F
https://www.atomicorp.com/wiki/index.php/ASL_FAQ#Do_you_use_third_party_spam_domain_lists.3F
Outside References
None.