Difference between revisions of "WAF 340012"
(Created page with "'''Rule ID''' 340012 '''Status''' Active rule currently published. '''Alert Message''' Atomicorp.com WAF Rules: Unauthorized Proxy access attempt '''Description''' Th...") |
Latest revision as of 20:50, 5 October 2011
Rule ID
340012
Status
Active rule currently published.
Alert Message
Atomicorp.com WAF Rules: Unauthorized Proxy access attempt
Description
This rule detects any attempt to use the web server as a proxy. For example, if a client attempts to send a request similar to this:
POST http://www.example.com:25/ HTTP/1.0
This is an attempt to use the webserver to contect to an SMTP server. This method (and others) are used by hackers and spammers to carry out attacks and spamming activities through "marks" or systems that are vulnerable to proxying. This deflects the blame for the attack and spamming onto the system that is acting as a proxy.
This rule prevents unauthorized proxy attempts.
False Positives
There are no known false positives for this rule. If this rule is being triggered, a client is attempting to proxy a connection through the server.
Tuning Guidance
If you know that this behavior is acceptable for your application, you can tune it by following the Tuning the Atomicorp WAF Rules guidance.
Similar Rules
None.
Knowledge Base Articles
None.
Outside References
None.
