WAF 340002

From Atomicorp Wiki
Revision as of 18:15, 25 November 2009 by Mshinn (Talk | contribs)


Rule ID

340002

Alert Message

Atomicorp.com WAF Rules: TRACE/TRACK method denied

Description

TRACE and TRACK are valid HTTP methods used for low-level debugging of web applications: the server echoes the received input back to the connecting system or user. TRACE and TRACK can be used to steal cookies or other website credentials.

False Positives

If you use these methods, this rule can be triggered. They are almost never used legitimately and should always be disabled on Internet-facing systems or systems that may receive traffic from potentially hostile users or systems.
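
To see whether anything on a site actually sends TRACE or TRACK, and whether any such request was answered rather than refused, the access log can be audited. This is an added example, not part of the Atomicorp rule set: it assumes the Apache combined log format, the sample lines are constructed, and reading a 2xx status as "answered" is an assumption.

```python
import re
from collections import Counter

# Apache "combined" access-log line; only the fields we need are captured.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)(?: HTTP/[\d.]+)?" (?P<status>\d{3}) '
)

# The two methods this rule denies.
DENIED_METHODS = {"TRACE", "TRACK"}


def audit(lines):
    """Return (findings, summary) for TRACE/TRACK requests in access-log lines."""
    findings, summary = [], Counter()
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["method"] not in DENIED_METHODS:
            continue
        status = int(m["status"])
        # Assumption: a 2xx status means the request was served (input echoed);
        # any other status means the server or the WAF refused it.
        verdict = "ANSWERED" if 200 <= status < 300 else "DENIED"
        summary[verdict] += 1
        findings.append((verdict, m["ip"], m["method"], m["path"], status))
    return findings, summary


# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [25/Nov/2009:18:15:01 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [25/Nov/2009:18:15:04 +0000] "TRACE / HTTP/1.1" 200 187 "-" "-"',
    '198.51.100.7 - - [25/Nov/2009:18:15:05 +0000] "TRACK /login HTTP/1.1" 403 221 "-" "-"',
    '203.0.113.5 - - [25/Nov/2009:18:15:09 +0000] "TRACE /admin HTTP/1.0" 405 0 "-" "-"',
    '203.0.113.5 - - [25/Nov/2009:18:15:11 +0000] "POST /trace HTTP/1.1" 200 64 "-" "-"',
]

if __name__ == "__main__":
    findings, summary = audit(SAMPLE_LOG)
    for verdict, ip, method, path, status in findings:
        print(f"{verdict:8} {ip:15} {method:5} {path} -> {status}")
    print(dict(summary))
```

Any ANSWERED line identifies a host or path where the method is still being served; a log with only DENIED lines from unknown clients suggests the rule is not blocking legitimate use.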

Similar Rules

WAF_340361 - This rule disables the CONNECT method. Although for a different reason, the rules are very similar.

Outside References

http://www.cgisecurity.com/whitehat-mirror/WH-WhitePaper_XST_ebook.pdf
