WAF 330039

From Atomicorp Wiki
Revision as of 13:16, 29 October 2010 by Mshinn (Talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

Rule ID

33039

Status

Active rule currently published.

Alert Message

Atomicorp.com WAF Rules: Suspicious Unusual User Agent (libwww-perl). Disable this rule if you use libwww-perl.

Description

This rule is triggerd if the user agent used to connect to the system is libwww-perl. Some PCI-DSS scanners will report a vulnerability if the system does not block all requests from this client.

False Positives

This client may already be used by some legitimate scripts and therefore this may not be an attack. If you use libwww-perl you must disable this rule.

False positives are not really possible with this rule. The rule simply alerts if the client reports itself as libwww-perl. If this is in error, please check your application.

Tuning Recommendations

If you know that this behaviour is acceptable for your application, you can tune it by disabling this rule for the application or virtual host.

If you wish to tune this rule yourself, please see the Tuning the Atomicorp WAF Rules page for basic information.

Similar Rules

None.

Knowledge Base Articles

None.

Outside References

None.

Personal tools