Difference between revisions of "WAF 397678"
(Created page with "'''Rule ID''' 397678 '''Status''' Active rule currently published. '''Alert Message''' Atomicorp.com WAF Rules - Virtual Just In Time Patch: Attempt to access insecur...") |
m |
||
| Line 9: | Line 9: | ||
'''Alert Message''' | '''Alert Message''' | ||
| − | + | Atomicorp.com WAF Rules - Virtual Just In Time Patch: Access to unauthenticated BackupBuddy backup file. Not blocked. | |
| − | Atomicorp.com WAF Rules - Virtual Just In Time Patch: | + | |
'''Description''' | '''Description''' | ||
| − | This rule detects if someone attempts to access a Backbuddy backup. Backupbuddy does not authenticate access requests to backups, and | + | This rule detects if someone attempts to access a Backbuddy backup. Backupbuddy does not authenticate access requests to backups, and attackers can access a backup by either guessing the backup files name, which uses a standard format, or accessing the backups directory (if the server is so configured to allow access). |
| + | |||
| + | By default ASL does not block this action, it just alerts that it has occurred. If you wish to block this activity log into ASL and configure rule 64277 for active response. | ||
'''False Positives''' | '''False Positives''' | ||
Latest revision as of 13:32, 11 September 2012
Rule ID
397678
Status
Active rule currently published.
Alert Message
Atomicorp.com WAF Rules - Virtual Just In Time Patch: Access to unauthenticated BackupBuddy backup file. Not blocked.
Description
This rule detects if someone attempts to access a Backbuddy backup. Backupbuddy does not authenticate access requests to backups, and attackers can access a backup by either guessing the backup files name, which uses a standard format, or accessing the backups directory (if the server is so configured to allow access).
By default ASL does not block this action, it just alerts that it has occurred. If you wish to block this activity log into ASL and configure rule 64277 for active response.
False Positives
This rule blocks users from using BackupBuddy in an insecure manner. If you wish to allow your users to do this, disable this rule.
Tuning Guidance
If you you believe this is a false positive, please submit it to our support team. The process for submitting false positives is documented on the Reporting False Positives page.
Similar Rules
Knowledge Base Articles
None.
Outside References
None.
