Difference between revisions of "HIDS 30105"

From Atomicorp Wiki
Jump to: navigation, search
(Created page with "{{Infobox |header1= Rule 30105 |label2 = Status |data2 = Active |label3 = Alert Message |data3 = Attempt to access forbidden file or directory. }} = Description = This rule...")
 
m
 
Line 17: Line 17:
 
This rule is designed to detect when your web server has prevented access to a file or directory.  This can occur if the web server is configured to prevent access to this file or directory, or if the permissions on the directory or file do not allow access by the web server.
 
This rule is designed to detect when your web server has prevented access to a file or directory.  This can occur if the web server is configured to prevent access to this file or directory, or if the permissions on the directory or file do not allow access by the web server.
  
ASL does not control or cause this behavior, it merely reports when this occurs.  Therefore, if your web server is denying you access to a file or directory, please contact the web server vendor for assistance with this issue.
+
ASL does not control or cause this behavior, it merely reports when this occurs.  Therefore, if your web server is denying you access to a file or directory, please contact your web server vendor for assistance with this issue.
  
 
ASL will not shun, by default, on these events however if you wish to have ASL block on these events please see the Tuning Advice section below.   
 
ASL will not shun, by default, on these events however if you wish to have ASL block on these events please see the Tuning Advice section below.   

Latest revision as of 20:43, 13 October 2012

Rule 30105
Status Active
Alert Message Attempt to access forbidden file or directory.

Contents

[edit] Description

This rule is triggered when ASL has detected that your web server has forbidden access to a file or directory.

This event is not triggered, caused, configured or managed by ASL.

[edit] Details

This rule is designed to detect when your web server has prevented access to a file or directory. This can occur if the web server is configured to prevent access to this file or directory, or if the permissions on the directory or file do not allow access by the web server.

ASL does not control or cause this behavior, it merely reports when this occurs. Therefore, if your web server is denying you access to a file or directory, please contact your web server vendor for assistance with this issue.

ASL will not shun, by default, on these events however if you wish to have ASL block on these events please see the Tuning Advice section below.

Disabling this rule will not prevent your web server from preventing access to this file or directory. It will simply "silence" the alert in ASL, however your web server will continue to deny access to the file or directory. We do not recommend you disable this rule.

[edit] Troubleshooting

[edit] False Positives

This rule is not caused by ASL. ASL merely reports when your web server blocks access to a file or directory

[edit] Tuning Guidance

If you wish to shun on these alerts, just set Active Response in the ASL rule manager for rule 30105 to "yes".

Disabling this rule will not prevent your web server from denying access to the file or directory. It will simply "silence" the alert in ASL. Your web server will continue to alert and/or block this activity. We do not recommend you disable this rule.

If you do not wish to see this alert, just set it to a lower level that the default in the ASL gui.

If you do not wish to be emailed on this alert, just set the rule to not email.

[edit] Additional Information

[edit] Similar Rules

None.

[edit] Knowledge Base Articles

None.

[edit] Outside References

None.

[edit] Example log messages

[error] [client 1.2.3.4] client denied by server configuration: /home/user/public_html/favicon.ico

Personal tools