WAF 330773

From Atomicorp Wiki

Rule ID

330773

Alert Message

Atomicorp.com WAF Rules: client redefining HTTP_PROXY value denied

Description

This means the client tried to send an HTTP request header called "Proxy". No such header is defined by the HTTP specification, and it causes what is called a namespace conflict: web servers that pass request headers to the application as CGI-style environment variables convert this header to HTTP_PROXY, which a web application (and the HTTP client libraries it uses) treats as the proxy address for its own outbound connections. This lets a user define the proxy value for the web application, thereby forcing the application to send any outbound traffic to a server of the user's choice. An attacker can use this to carry out man-in-the-middle attacks on the application, allowing the attacker to send and receive any data to and from the web application, potentially leading to code injection into the web application and compromise of the system.

This rule blocks attempts to define this value.
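The following is an added illustration, not Atomicorp's rule code: it emulates the CGI header-to-environment mapping that turns a client-supplied "Proxy" header into HTTP_PROXY, a request filter that denies such requests the way this rule does, and the gateway-side mitigation of never letting a request header populate HTTP_PROXY. The sample requests, the proxy address (a documentation-range IP) and the function names are constructed for the example.

```python
"""Added example (not Atomicorp's rule code): why a client-supplied "Proxy"
request header collides with the HTTP_PROXY environment variable, and a
minimal filter that denies such requests as rule 330773 does.
All sample requests below are constructed for illustration."""

# Headers that CGI (RFC 3875) exports as meta-variables *without* the
# HTTP_ prefix. Every other request header becomes HTTP_<NAME>.
_UNPREFIXED = {"content-type": "CONTENT_TYPE", "content-length": "CONTENT_LENGTH"}


def cgi_env_name(header_name: str) -> str:
    """Return the CGI meta-variable name a request header is mapped to.

    Rule: upper-case the name, replace '-' with '_', prefix with 'HTTP_'.
    So 'Proxy' becomes 'HTTP_PROXY', the same name many HTTP client
    libraries read for their outbound proxy address: the namespace conflict.
    """
    key = header_name.lower()
    if key in _UNPREFIXED:
        return _UNPREFIXED[key]
    return "HTTP_" + header_name.upper().replace("-", "_")


def inspect_request(headers: dict) -> dict:
    """Emulate the rule: deny any request whose header would become HTTP_PROXY.

    Matching is done on the mapped variable name, so 'Proxy', 'proxy' and
    'PROXY' are all caught. Returns a WAF-style decision dict.
    """
    for name, value in headers.items():
        if cgi_env_name(name) == "HTTP_PROXY":
            return {
                "action": "deny",
                "rule_id": 330773,
                "msg": "client redefining HTTP_PROXY value denied",
                "header": name,
                "would_set": f"HTTP_PROXY={value}",
            }
    return {"action": "allow"}


def build_cgi_environ(headers: dict) -> dict:
    """Environment an unfiltered gateway would hand to the application.

    Shown only to make the collision concrete: the attacker-controlled
    header lands in HTTP_PROXY next to the server's own variables.
    """
    return {cgi_env_name(name): value for name, value in headers.items()}


def safe_cgi_environ(headers: dict) -> dict:
    """Gateway-side mitigation: build the environment, but never let a
    request header populate HTTP_PROXY (equivalent to unsetting it)."""
    return {k: v for k, v in build_cgi_environ(headers).items() if k != "HTTP_PROXY"}


# Constructed sample requests (not real traffic). 198.51.100.7 is from the
# TEST-NET-2 documentation range.
BENIGN = {"Host": "example.test", "User-Agent": "curl/8.0", "Accept": "*/*"}
MALICIOUS = dict(BENIGN, Proxy="198.51.100.7:8080")

if __name__ == "__main__":
    print(cgi_env_name("Proxy"))          # HTTP_PROXY
    print(inspect_request(BENIGN))        # {'action': 'allow'}
    print(inspect_request(MALICIOUS))     # action=deny, would_set=HTTP_PROXY=...
    print(sorted(build_cgi_environ(MALICIOUS)))  # includes HTTP_PROXY
    print(sorted(safe_cgi_environ(MALICIOUS)))   # HTTP_PROXY dropped
```

Run it as a script to see the benign request pass and the one carrying a "Proxy" header denied; note that the check keys on the mapped variable name rather than the literal header spelling, which is why a case-variant header is not a bypass.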

False Positives:

None. If this rule triggers, it means a user has tried to define this value. If you allow this by disabling the rule, you will open your system to attacks that ModSecurity cannot detect or prevent.

Do not disable this rule.

Similar Rules

None.

References
