Difference between revisions of "WAF 340002"
Latest revision as of 17:15, 25 November 2009
Rule ID
340002
Alert Message
Atomicorp.com WAF Rules: TRACE/TRACK method denied
Description
TRACE and TRACK are valid HTTP methods used for low-level debugging of web applications by echoing input back to the connecting system or user. TRACE and TRACK can be used to steal cookies or other website credentials.
False Positives
If you use either method, this rule can be triggered. These methods are almost never used legitimately and should always be disabled on Internet-facing systems or systems that may receive traffic from potentially hostile users or systems.
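To check whether anything on a site actually sends TRACE or TRACK before relying on this rule, and whether the server currently answers those requests, the access log can be audited. The script below is an added example, not part of the Atomicorp rule set; it assumes the Apache/nginx common or combined log format, treats 403, 405 and 501 as refusals, and runs on constructed sample lines.

```python
import re

# Apache/nginx common or combined log format (assumed for this example).
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>\S+) (?P<target>\S+)(?: [^"]*)?" (?P<status>\d{3}) '
)
WATCHED = {"TRACE", "TRACK"}
REFUSED = {403, 405, 501}  # assumption: codes a WAF or server uses to refuse

def outcome(status):
    """Classify how the server answered a TRACE/TRACK request."""
    if 200 <= status < 300:
        return "echoed"   # request was reflected back: the method is live
    if status in REFUSED:
        return "denied"
    return "other"

def audit(lines):
    """Return one finding per TRACE/TRACK request; skip unparseable lines."""
    findings = []
    for lineno, line in enumerate(lines, 1):
        m = LOG_RE.match(line)
        # Compare case-insensitively so odd casing is still surfaced for review.
        if not m or m["method"].upper() not in WATCHED:
            continue
        findings.append({
            "line": lineno, "host": m["host"], "method": m["method"].upper(),
            "target": m["target"], "outcome": outcome(int(m["status"])),
        })
    return findings

def echoed_hosts(findings):
    """Clients that got an echoed response, i.e. the method was not blocked."""
    return sorted({f["host"] for f in findings if f["outcome"] == "echoed"})

# Constructed sample log (documentation-range addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [25/Nov/2009:17:15:02 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [25/Nov/2009:17:15:09 +0000] "TRACE / HTTP/1.1" 200 187 "-" "-"',
    '198.51.100.7 - - [25/Nov/2009:17:15:11 +0000] "TRACK /login HTTP/1.1" 403 211 "-" "-"',
    '203.0.113.4 - - [25/Nov/2009:17:16:40 +0000] "TRACE /app HTTP/1.0" 405 230 "-" "-"',
    '192.0.2.10 - - [25/Nov/2009:17:17:00 +0000] "POST /trace HTTP/1.1" 200 64 "-" "Mozilla/5.0"',
    'unparseable line',
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG):
        print(finding)
    print("echoed to:", echoed_hosts(audit(SAMPLE_LOG)))
```

Any "echoed" finding means the method is still reachable on that host and the request, including its headers, was reflected to the client.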
Similar Rules
WAF_340361 - This rule disables the CONNECT method. Although for a different reason, the rules are very similar.
Outside References
http://www.cgisecurity.com/whitehat-mirror/WH-WhitePaper_XST_ebook.pdf