Difference between revisions of "WAF 301311"
From Atomicorp Wiki
(Created page with "{{Infobox |header1= Rule 301311 |label2 = Status |data2 = Active |label3 = Alert Message |data3 = Atomicorp.com WAF AntiSpam Rules: Spam: Session Splitting Spam Attempt }} = ...") |
Latest revision as of 18:52, 28 October 2012
Rule 301311 | |
---|---|
Status | Active |
Alert Message | Atomicorp.com WAF AntiSpam Rules: Spam: Session Splitting Spam Attempt |
Contents |
[edit] Description
This rules detects when a client attempts, and fails to issue what is sometimes referred to as a "session splitting" attack. This type of attack attempts to trick the web server into thinking its serving one request, when its serving another. This attack method is also used to try and trick a WAF into not looking at the second, or "real" request which includes the real payload and attack.
This particular rule catches a method that spammers use to try and post spam to a website, and sometimes to register with a forum, blog, CMS or other web application that requires registration.
[edit] Troubleshooting
[edit] False Positives
None. This rule only detects completely invalid requests, there is no known legitmiate action that would trigger this rule.
[edit] Tuning Guidance
None.
[edit] Additional Information
[edit] Similar Rules
None.
[edit] Knowledge Base Articles
None.
[edit] Outside References
None.
[edit] Notes
None.