WAF 330105

From Atomicorp Wiki
Jump to: navigation, search

Rule ID

330105

Status

Active rule currently published.

Alert Message

Atomicorp.com WAF Rules: Broken Bot Generic User Agent String Detected

Description

This rule is triggered if a client sends a known bot string. Currently that includes examples such as this:

User-Agent: $botname/$botversion

False Positives

None. There is no legitimate user agent that would send this User-Agent header.

If you believe this is a false positive, please report this to our security team to determine if this is a legitimate case, or if its clever attack on your system. Instructions to report false positives are detailed on the Reporting False Positives wiki page.

Tuning Recommendations

If you know that this behaviour is acceptable for your application, you can tune it by disabling this rule for the application or virtual host.

If you wish to tune this rule yourself, please see the Tuning the Atomicorp WAF Rules page for basic information.

Similar Rules

None.

Knowledge Base Articles

None.

Outside References

None.

Retrieved from "https://wiki.atomicorp.com/wiki/index.php?title=WAF_330105&oldid=3778"
Personal tools