WAF 392149
Rule 392149 | |
---|---|
Status | Active |
Alert Message | Atomicorp.com WAF Rules: Possible compromised website detected and 404 sent to user |
Contents |
Description
Note: By default this rule, when used with ASL, does not block the users IP address or any future connections. It alerts, and sends the user a 404 error.
This rule detects when a webpage may have been compromised or replaced with a malicious copy. This rule will prevent the webpage from being shown to the user, and will send them a 404.
If you do not want to be alerted to these cases, simply disable the rule.
If you wish to block these connections, just set this rule to Active Response in the ASL rule manager. We do not recommend you block on this type of event, as this may also block innocent users.
Troubleshooting
False Positives
None.
Tuning Guidance
If you know that this behavior is acceptable for your application, you can either disable the rule for the server, or you can disable it for the application. Because this type of request is to the systems IP address, you can not disable this type of rule for a domain, as these types of requests are to the systems IP.
Please see the Tuning the Atomicorp WAF Rules page for basic information.
Additional Information
Similar Rules
None.
Knowledge Base Articles
None.
Outside References
None.
Notes
None.