WAF 332039

From Atomicorp Wiki
Jump to: navigation, search

Rule ID

332039

Status

Active rule currently published.

Alert Message

Atomicorp.com WAF Rules: Suspicious Unusual User Agent (python-requests). Disable this rule if you use python-requests

Description

This rule detects when a client tells the web server that it is the python-requests library. Web clients can report to a web server what they are. For example, a web client can report to the web server that it is a Webbrowser, such as Chrome, or it can report to the web server that it is GoogleBot, or a specific client, library or software package. Clients do this by sending a special header to the web server, for example:

User-Agent: python-requests/2.2.1 CPython/2.7.6 Linux/3.19.0-25-generic

Some malware is known to use the python-requests library, so some users prefer to block all requests with this User-agent header. Some PCI-DSS compliance auditors will fail a site if it does not block clients that self report this client.

False Positives'

None. The rule does not cause this to occur, it can only be triggered if the Client reports it is using this software package. Therefore, if you wish to allow these clients to connect to your system, simply disable the rule.

Similar Rules

None.

Knowledge Base Articles

None.

Outside References

None.

Personal tools