WAF 331030

From Atomicorp Wiki
Revision as of 11:26, 21 March 2014 by Mshinn (Talk | contribs)

Jump to: navigation, search
Rule 331030
Status Active
Alert Message Atomicorp.com WAF Rules: Suspicious activity detected - HTTP Request Missing a Host Header

Contents

Description

This rule is triggered when a connection does not use a Host: header. This can happen in one of two ways:

  1. A client connects directly to the IP address of the system (localhost connections are ignored)
  2. A client directly connects to the HTTP port, and does not request resources from any domain hosted on the system

This rule does not block or shun. It merely alerts when this occurs. If you wish to shun these events, just set Active Response in the ASL rule manager for rule 331030 to "yes".

Troubleshooting

False Positives

There are no known false positives with this rule. The rule looks for when the Host: header is missing.

Attackers will sometimes connect to the IP address on the system when they do not know what domains or hosts are hosted on the system. If you wish to allow this, disable this rule.

Tuning Guidance

Please see the Tuning the Atomicorp WAF Rules page for more information if you wish to disable or modify this rule.

Additional Information

Similar Rules

None.

Knowledge Base Articles

None.

Outside References

None.

Personal tools