Difference between revisions of "WAF 300182"
Latest revision as of 14:41, 4 March 2012
Rule ID
300182
Status
Active rule currently published.
Alert Message
Atomicorp.com WAF Rules: Possible Spam: Mixed URL posting types - possible spam
Description
This rule detects mixed URL posting types that some forums, content management systems, guestbooks, blogs and other web applications support. For example, a web application may support the tag "url" or it may support the tag "link", which is used to allow a user to either hyperlink some text or to designate a URL as "clickable" to the end user. No product is known to support both types; they support either "link" or "url", but not both.
Spammers will often try to post links blindly to a forum, blog or other public site or comment system using both tag types in the hope that the application will support one tag or the other. As most web applications will just ignore the invalid type, this method of spamming is very effective.
This rule works by detecting when a post contains both types of link tags.
False Positives
A false positive can occur when an application legitimately supports both types. No known web application supports both types.
A false positive can also occur if a user accidentally or deliberately uses both types of markup, not knowing which the application supports.
It is not recommended that you disable this rule if you have a false positive. If you believe this is a false positive, please report this to our security team to determine if this is a legitimate case, or if it is a clever attack on your system. Instructions to report false positives are detailed on the Reporting False Positives wiki page. If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Tuning Guidance
If you know that this behavior is acceptable for your application, you can tune it by identifying the argument that is being triggered, and specifically allowing that argument for that application to allow a URL. Please see the Tuning the Atomicorp WAF Rules page for basic information.
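The detection and per-argument tuning described above, sketched as an added example; this is not the Atomicorp rule itself, whose pattern is not shown on this page. It assumes the "url" and "link" tags are BBCode-style bracket tags, and the function name, request model and sample posts are constructed for illustration.

```python
import re

# Assumption: the tags are BBCode-style, e.g. [url=...]text[/url] or [link]...[/link].
# Only opening tags are matched, so the bare words "url" or "link" in prose do not count.
URL_TAG = re.compile(r"\[\s*url\s*[=\]]", re.IGNORECASE)
LINK_TAG = re.compile(r"\[\s*link\s*[=\]]", re.IGNORECASE)


def mixed_link_args(form, allowed_args=frozenset()):
    """Return the names of form arguments whose value uses both tag types.

    form: mapping of argument name -> submitted value (hypothetical request model).
    allowed_args: arguments tuned out for this application, as in Tuning Guidance.
    """
    hits = []
    for name, value in form.items():
        if name in allowed_args:
            continue  # tuned: this argument may legitimately carry both types
        if URL_TAG.search(value) and LINK_TAG.search(value):
            hits.append(name)
    return sorted(hits)


# Constructed sample submissions (not real traffic).
SAMPLES = {
    "blind_post": {
        "subject": "hello",
        "comment": "[url=http://example.test/a]deal[/url] "
                   "[link=http://example.test/a]deal[/link]",
    },
    "normal_post": {
        "comment": "See [url=http://example.test/docs]the docs[/url] for the url format.",
    },
    "prose_only": {
        "comment": "Does this board use the link tag or the url tag?",
    },
}

if __name__ == "__main__":
    for label, form in SAMPLES.items():
        print(label, mixed_link_args(form))
    # Tuning: report which argument triggered, then allow only that argument.
    print("tuned", mixed_link_args(SAMPLES["blind_post"], allowed_args={"comment"}))
```

Reporting the argument name rather than a bare match is what makes the tuning step possible: the exception can be scoped to one argument of one application instead of disabling the check.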
Similar Rules
Knowledge Base Articles
None.
Outside References
None.