HIDS 30105

From Atomicorp Wiki
Revision as of 19:42, 13 October 2012 by Mshinn (Talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search
Rule 30105
Status Active
Alert Message Attempt to access forbidden file or directory.

Contents

Description

This rule is triggered when ASL has detected that your web server has forbidden access to a file or directory.

This event is not triggered, caused, configured or managed by ASL.

Details

This rule is designed to detect when your web server has prevented access to a file or directory. This can occur if the web server is configured to prevent access to this file or directory, or if the permissions on the directory or file do not allow access by the web server.

ASL does not control or cause this behavior, it merely reports when this occurs. Therefore, if your web server is denying you access to a file or directory, please contact the web server vendor for assistance with this issue.

ASL will not shun, by default, on these events however if you wish to have ASL block on these events please see the Tuning Advice section below.

Disabling this rule will not prevent your web server from preventing access to this file or directory. It will simply "silence" the alert in ASL, however your web server will continue to deny access to the file or directory. We do not recommend you disable this rule.

Troubleshooting

False Positives

This rule is not caused by ASL. ASL merely reports when your web server blocks access to a file or directory

Tuning Guidance

If you wish to shun on these alerts, just set Active Response in the ASL rule manager for rule 30105 to "yes".

Disabling this rule will not prevent your web server from denying access to the file or directory. It will simply "silence" the alert in ASL. Your web server will continue to alert and/or block this activity. We do not recommend you disable this rule.

If you do not wish to see this alert, just set it to a lower level that the default in the ASL gui.

If you do not wish to be emailed on this alert, just set the rule to not email.

Additional Information

Similar Rules

None.

Knowledge Base Articles

None.

Outside References

None.

Example log messages

[error] [client 1.2.3.4] client denied by server configuration: /home/user/public_html/favicon.ico

Personal tools