Difference between revisions of "WAF 331030"
From Atomicorp Wiki
(Created page with "{{Infobox |header1= Rule 331030 |label2 = Status |data2 = Active |label3 = Alert Message |data3 = Atomicorp.com WAF Rules: Suspicious activity detected - HTTP Request Missing...") |
Revision as of 19:46, 3 September 2013
Rule 331030 | |
---|---|
Status | Active |
Alert Message | Atomicorp.com WAF Rules: Suspicious activity detected - HTTP Request Missing a Host Header |
Contents |
Description
This rule is triggered when a connection does not use a Host: header. This can happen in one of two ways:
- A client connects directly to the IP address of the system (localhost connections are ignored)
- A client directly connects to the HTTP port, and does not request resources from any domain hosted on the system
This rule does not block. It merely reports when this occurs. If you wish to shun these events, just set Active Response in the ASL rule manager for rule 331030 to "yes".
Troubleshooting
False Positives
There are no known false positives with this rule. The rule looks for when the Host: header is missing.
Attackers will sometimes connect to the IP address on the system when they do not know what domains or hosts are hosted on the system.
Tuning Guidance
Please see the Tuning the Atomicorp WAF Rules page for more information if you wish to disable or modify this rule.
Additional Information
Similar Rules
None.
Knowledge Base Articles
None.
Outside References
None.