Difference between revisions of "WAF 303833"

From Atomicorp Wiki
Jump to: navigation, search
(Created page with "{{Infobox |header1= Rule 303800 |label2 = Status |data2 = Active |label3 = Alert Message |data3 = Atomicorp.com WAF Rules: Fake Google Feedfetcher webcrawler }} = Descript...")
 
m
 
Line 1: Line 1:
 
{{Infobox
 
{{Infobox
|header1= Rule 303800
+
|header1= Rule 303833
 
|label2 = Status
 
|label2 = Status
 
|data2 = Active
 
|data2 = Active

Latest revision as of 17:30, 4 June 2014

Rule 303833
Status Active
Alert Message Atomicorp.com WAF Rules: Fake Google Feedfetcher webcrawler

Contents

[edit] Description

This exclusive capability in the Atomicorp ruleset can detect when a client pretends to be a google feedfetcher webcrawler. This is part of googles search engine technology used with feeds (e.g. RSS). This helps to detect and block potential zero day and other suspicious behavior. Attackers have been know to impersonate webcrawlers to trick naive applications that blinding trust webcrawlers. They use this method to gain access that would otherwise be blocked to non-crawlers.

This will not block the real google webcrawler. We do not recommend you disable this rule.

For ASL users, if you enable the option below, ASL will automatically and dynamically whitelist the real google webcrawler from all WAF events:

https://www.atomicorp.com/wiki/index.php/ASL_WAF#MODSEC_00_AUTOWHITELIST_SEARCHENGINE

[edit] Troubleshooting

[edit] False Positives

There are no known false positives with this rule. Please do not report this as a false positive if you are using a proxy, CDN or other similar service and your web server is not setup per this article: https://www.atomicorp.com/wiki/index.php/Proxy

If you believe this is a false positive, please report this following the process at the link below:

https://www.atomicorp.com/wiki/index.php/Reporting_False_Positives

[edit] Tuning Guidance

Please see the Tuning the Atomicorp WAF Rules page for more information if you wish to disable or modify this rule.

[edit] Additional Information

[edit] Similar Rules

None.

[edit] Knowledge Base Articles

None.

[edit] Outside References

None.

Personal tools