Difference between revisions of "HIDS 30155"
(Created page with "{{Infobox |header1= Rule 30155 |label2 = Status |data2 = Active |label3 = Alert Message |data3 = Multiple attempts to access a non-existent file }} = Description = ASL is re...") |
m |
||
| Line 9: | Line 9: | ||
= Description = | = Description = | ||
| − | ASL is reporting that a client has attempted to access a non-existent file, or files, multiple times via Apache. ASL does not cause this event, nor does it control this, it simply reports when Apache reports that this has happened. | + | ASL is reporting that a client has attempted to access a non-existent file, or files, '''multiple times via Apache'''. ASL does not cause this event, nor does it control this, it simply reports when Apache reports that this has happened. |
Disabling this rule will have no effect on Apache returning a non-existent file error. Disabling this rule will simply cause ASL to no longer report when this occurs. | Disabling this rule will have no effect on Apache returning a non-existent file error. Disabling this rule will simply cause ASL to no longer report when this occurs. | ||
Revision as of 16:51, 2 January 2014
| Rule 30155 | |
|---|---|
| Status | Active |
| Alert Message | Multiple attempts to access a non-existent file |
Contents |
Description
ASL is reporting that a client has attempted to access a non-existent file, or files, multiple times via Apache. ASL does not cause this event, nor does it control this, it simply reports when Apache reports that this has happened.
Disabling this rule will have no effect on Apache returning a non-existent file error. Disabling this rule will simply cause ASL to no longer report when this occurs.
ASL will also not shun on this event, so there is no effect on the end user. The default threshold to trip this rule is 25 non-existent file accesses in 60 seconds. Multiple accesses to non-existent files may indicate an attacker is attempting to find a vulnerable piece of software, or other sensitive information on the system. We not recommend you disable this rule.
Troubleshooting
False Positives
None.
If you do not wish to be alerted to these events, simply disable the rule. This will have no effect on Apaches behavior, it simply means ASL will no longer report this event.
Tuning Guidance
To configure the firewall to allow connections to this port, please see the ASL firewall documentation page.
Additional Information
Similar Rules
None.
Knowledge Base Articles
None.
Outside References
None.
