WAF 300023

From Atomicorp Wiki
Revision as of 15:28, 6 September 2011 by Mshinn (Talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

Rule ID

300023

Status

Active rule currently published.

Alert Message

Atomicorp.com WAF Rules: Possible Spam: Multipleembedded urls in argument (Disable if you wish to allow 4 or more URLs in a post)

Description

This rule detects if 4 or more HTML marked up or application specific marked URLs are included in a single post.

This rules work by detecting the use of a URL as either an HTML argument, or an application specific (i.e. url=) URL is included in a POST.

False Positives

A false positive can occur when an application legitimately allows a user to submit 4 or more URLs in a POST. The rules contain a large library of known web applications and safe methods for using URLs, and can detect known safe methods and ignore them. However it is possible for a new or custom application to do this in an unknown manner and incorrectly trigger this rule.

If you have a false positive, its recommended that you follow the tuning guidance below.

Tuning Guidance

If you know that this behavior is acceptable for your application, you can tune it by identifying the argument that is being triggered, and specifically allowing that argument for that application to allow a URL. Please see the Tuning the Atomicorp WAF Rules page for basic information.

If you believe this is a false positive, please follow the instructions to report false positives are detailed on the Reporting False Positives wiki page. If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.


Similar Rules

None.

Knowledge Base Articles

None.

Outside References

None.

Personal tools