HIDS 60141

From Atomicorp Wiki
Jump to: navigation, search

Rule ID

60141

Status

Active rule currently published.

Alert Message


Description

ASL does not cause this event.

ASL is simply reporting when apache reports that a client has requested part of a file, document, etc. that is invalid. For example, the client asked for the 1800th-1900th bytes of a document, but the document was only 200 bytes long. This may indicate an attempt to carry out a denial of service attack, or the client may simply be trying to access files that have changed in size since the last request and client is using out of date cached data.

This rule does not block anything by default.

False Positives None.

It is not recommended that you disable this rule if you have a false positive. If you believe this is a false positive, please report this to our security team to determine if this is a legitimate case, or if its clever attack on your system. Instructions to report false positives are detailed on the Reporting False Positives wiki page. If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

Tuning Guidance

None.

Similar Rules

None.

Knowledge Base Articles

None.

Outside References

None.

Personal tools