Difference between revisions of "WAF 330036"

From Atomicorp Wiki
Jump to: navigation, search
(Created page with "'''Rule ID''' 330036 '''Status''' Active rule currently published. '''Alert Message''' Atomicorp.com WAF Rules: Suspicious User agent detected '''Description''' This ...")

Revision as of 13:39, 30 December 2010

Rule ID

330036

Status

Active rule currently published.

Alert Message

Atomicorp.com WAF Rules: Suspicious User agent detected

Description

This rule detects if the user agent "indy library" is used. This client is known to be used for some malicious activity. If you use this user agent, then disable this rule.

False Positives

There are no known false positives with this rule. The rule looks at the User-Agent header and if the application identified itself as "indy library" it will trigger.

If you have examined the headers and have identified a case where the agent is not reporting that that is "indy library", please report this as a false positive. Otherwise, if you use this user agent, disable this rule for your syste,.

Instructions to report false positives are detailed on the Reporting False Positives wiki page.

If you wish to tune this rule yourself, please see the Tuning the Atomicorp WAF Rules page for basic information.

Tuning Recommendations

If you know that this behavior is acceptable for your application, you can either disable the rule globally, or run it to only allow it for specific applications or URLs.

Similar Rules


Knowledge Base Articles

None.

Outside References

Retrieved from "https://wiki.atomicorp.com/wiki/index.php?title=WAF_330036&oldid=1118"
Personal tools