[edit] Description

Note: By default this rule, when used with ASL, does not block the users IP address or any future connections. It alerts, and sends the user a 404 error.

This rule detects when a webpage may have been compromised or replaced with a malicious copy. This rule will prevent the webpage from being shown to the user, and will send them a 404.

If you do not want to be alerted to these cases, simply disable the rule.

If you wish to block these connections, just set this rule to Active Response in the ASL rule manager. We do not recommend you block on this type of event, as this may also block innocent users.

[edit] Troubleshooting

[edit] False Positives

None.

[edit] Tuning Guidance

If you know that this behavior is acceptable for your application, you can either disable the rule for the server, or you can disable it for the application. Because this type of request is to the systems IP address, you can not disable this type of rule for a domain, as these types of requests are to the systems IP.

Please see the Tuning the Atomicorp WAF Rules page for basic information.

[edit] Additional Information

[edit] Similar Rules

None.

[edit] Knowledge Base Articles

None.

[edit] Outside References

None.

[edit] Notes

None.