Difference between revisions of "WAF 331030"

From Atomicorp Wiki
(Created page with "{{Infobox |header1= Rule 331030 |label2 = Status |data2 = Active |label3 = Alert Message |data3 = Atomicorp.com WAF Rules: Suspicious activity detected - HTTP Request Missing...")
 
m
Line 14: Line 14:
 
#A client directly connects to the HTTP port, and does not request resources from any domain hosted on the system
 
#A client directly connects to the HTTP port, and does not request resources from any domain hosted on the system
  
This rule does not block.  It merely reports when this occurs.  If you wish to shun these events, just set Active Response in the ASL rule manager for rule 331030 to "yes".  
+
'''This rule does not block or shun.''' It merely alerts when this occurs.  If you wish to shun these events, just set Active Response in the ASL rule manager for rule 331030 to "yes".  
  
 
= Troubleshooting =
 
= Troubleshooting =
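
Review bot: The reworded paragraph now states that the rule does not block or shun, but the sentence after it still only explains how to turn on shunning (Active Response set to "yes" for rule 331030). Add a sentence saying whether, and where, blocking can be enabled for this rule, so that both actions named in the bolded sentence are covered.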

Revision as of 13:10, 4 September 2013

Rule 331030
Status: Active
Alert Message: Atomicorp.com WAF Rules: Suspicious activity detected - HTTP Request Missing a Host Header


Description

This rule is triggered when a connection does not use a Host: header. This can happen in one of two ways:

  1. A client connects directly to the IP address of the system (localhost connections are ignored)
  2. A client directly connects to the HTTP port, and does not request resources from any domain hosted on the system

This rule does not block or shun. It merely alerts when this occurs. If you wish to shun these events, just set Active Response in the ASL rule manager for rule 331030 to "yes".
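
The condition described above, reproduced as an added example (not Atomicorp's rule code): a check that alerts when a raw HTTP request carries no Host header and skips loopback sources. The function names, sample requests and source addresses are constructed for illustration.

```python
import ipaddress

# Constructed sample traffic: (source IP, raw request head). Not from the wiki page.
SAMPLES = [
    ("203.0.113.7", b"GET / HTTP/1.0\r\n\r\n"),
    ("203.0.113.8", b"GET /index.html HTTP/1.1\r\nhOsT: www.example.com\r\n\r\n"),
    ("127.0.0.1", b"GET /server-status HTTP/1.0\r\n\r\n"),
    ("198.51.100.9", b"HEAD / HTTP/1.1\r\nUser-Agent: probe\r\nX-Host: a\r\n\r\n"),
]


def header_names(raw: bytes) -> set:
    """Return the lower-cased header names found in a raw request head."""
    head = raw.split(b"\r\n\r\n", 1)[0]
    names = set()
    for line in head.split(b"\r\n")[1:]:      # [1:] skips the request line
        if line[:1] in (b" ", b"\t"):         # folded continuation, not a new header
            continue
        name, sep, _ = line.partition(b":")
        if sep:
            names.add(name.strip().lower())   # header names are case-insensitive
    return names


def missing_host(src_ip: str, raw: bytes) -> bool:
    """True when the request has no Host header and is not from localhost."""
    if ipaddress.ip_address(src_ip).is_loopback:
        return False                          # localhost connections are ignored
    return b"host" not in header_names(raw)   # exact name match: X-Host does not count


def alerts(samples):
    """Return (source IP, request line) for each request that would alert."""
    return [
        (src, raw.split(b"\r\n", 1)[0].decode("latin-1"))
        for src, raw in samples
        if missing_host(src, raw)
    ]


if __name__ == "__main__":
    for src, request_line in alerts(SAMPLES):
        print(f"alert: missing Host header from {src}: {request_line}")
```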

Troubleshooting

False Positives

There are no known false positives with this rule. The rule checks for a missing Host: header.

Attackers will sometimes connect to the IP address of the system when they do not know what domains or hosts are hosted on it.

Tuning Guidance

Please see the Tuning the Atomicorp WAF Rules page for more information if you wish to disable or modify this rule.

Additional Information

Similar Rules

None.

Knowledge Base Articles

None.

Outside References

None.
