WAF 300182

From Atomicorp Wiki
Revision as of 14:41, 4 March 2012 by Mshinn (Talk | contribs)


Rule ID

300182

Status

Active rule currently published.

Alert Message

Atomicorp.com WAF Rules: Possible Spam: Mixed URL posting types - possible spam

Description

This rule detects mixed URL posting types that some forums, content management systems, guestbooks, blogs and other web applications support. For example, a web application may support the tag "url" or the tag "link", which allows a user either to hyperlink some text or to designate a URL as "clickable" to the end user. No product is known to support both types: they support either "link" or "url", but not both.

Spammers will often try to post links blindly to a forum, blog or other public site or comment system using both tag types, in the hope that the application will support one tag or the other. As most web applications will just ignore the invalid type, this method of spamming is very effective.

This rule works by detecting when a post contains both types of link tags.

False Positives

A false positive can occur when an application legitimately supports both types. No known web application supports both types.

A false positive can also occur if a user accidentally or deliberately uses both types of markup, not knowing which the application supports.

It is not recommended that you disable this rule if you have a false positive. If you believe this is a false positive, please report it to our security team so they can determine whether it is a legitimate case or a clever attack on your system. Instructions to report false positives are detailed on the Reporting False Positives wiki page. If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

Tuning Guidance

If you know that this behavior is acceptable for your application, you can tune it by identifying the argument that is being triggered, and specifically allowing that argument for that application to allow a URL. Please see the Tuning the Atomicorp WAF Rules page for basic information.
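
The check described under Description, together with a per-argument exception of the kind this tuning guidance describes, as an added sketch that is not Atomicorp's rule or code. The bracket tag syntax (`[url]`, `[link]`), the per-argument matching, the `mixed_link_args` function and its `allowed_args` parameter, and the sample request bodies are all assumptions.

```python
import re
from urllib.parse import parse_qsl

# Assumption: BBCode-style bracket tags. The page names the "url" and "link"
# tags but gives neither their syntax nor the rule's real pattern.
URL_TAG = re.compile(r"\[url(?:=[^\]]*)?\]", re.IGNORECASE)
LINK_TAG = re.compile(r"\[link(?:=[^\]]*)?\]", re.IGNORECASE)


def mixed_link_args(body, allowed_args=frozenset()):
    """Return the names of POST arguments that contain both tag types.

    body: an application/x-www-form-urlencoded request body.
    allowed_args: argument names exempted by tuning (hypothetical mechanism).
    Assumption: tags are matched per argument, after URL decoding.
    """
    hits = []
    for name, value in parse_qsl(body, keep_blank_values=True):
        if name in allowed_args:
            continue  # tuned out for this application
        if URL_TAG.search(value) and LINK_TAG.search(value):
            hits.append(name)  # the argument to report or tune
    return hits


# Constructed sample bodies (not captured traffic).
SPAM = ("subject=hi&comment=%5Burl%3Dhttp%3A%2F%2Fexample.test%5Dbuy%5B%2Furl%5D"
        "+%5Blink%3Dhttp%3A%2F%2Fexample.test%5Dbuy%5B%2Flink%5D")
CLEAN = "subject=hi&comment=%5Burl%5Dhttp%3A%2F%2Fexample.test%5B%2Furl%5D"

if __name__ == "__main__":
    print(mixed_link_args(SPAM))                # both tag types in "comment"
    print(mixed_link_args(CLEAN))               # only one tag type
    print(mixed_link_args(SPAM, {"comment"}))   # "comment" exempted by tuning
```

The returned argument name is the value you would need when identifying the argument to tune.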

Similar Rules

WAF_300282

Knowledge Base Articles

None.

Outside References

None.
