HIDS 30114

From Atomicorp Wiki
Rule: 30114
Status: Active
Alert Message: mod_qos invalid request detected

Description

This rule is triggered when a third-party QoS system, namely mod_qos, reports that it has blocked an event; in particular, when mod_qos has blocked an invalid request.

These events are not triggered, caused, configured or managed by ASL, and ASL does not cause the blocking action or alert. The Third Party IDS is the cause of this event.

ASL will shun on this event by default.

Details

This rule is designed to detect the third party mod_qos event and to alert when it has blocked an invalid connection.

ASL does not control or configure mod_qos; it merely reports when this occurs. Therefore, if your mod_qos is in error, please contact the vendor that installed mod_qos for assistance with configuring it.

Disabling this rule will not prevent mod_qos from blocking this activity. It will simply "silence" the alert in ASL and prevent ASL from shunning on this event. However, mod_qos will continue to block this activity. We do not recommend that you disable this rule.

Troubleshooting

False Positives

None.

Tuning Guidance

If you do not wish to shun on these alerts, just set Active Response in the ASL rule manager for rule 30114 to "no".

Additional Information

Similar Rules

None.

Knowledge Base Articles

None.

Outside References

None.
