Difference between revisions of "WAF 340002"
(Created page with ''''Rule ID''' 340002 '''Alert Message''' Atomicorp.com WAF Rules: TRACE/TRACK method denied '''Description''' TRACE and TRACK are valid HTTP methods used to do low leve…')
Latest revision as of 18:15, 25 November 2009
Atomicorp.com WAF Rules: TRACE/TRACK method denied
TRACE and TRACK are valid HTTP methods used to do low level debugging of web applications by echoing back input back to the connecting system or user. TRACE and TRACK can be used to steal cookies or other website credentials.
If you use this method this rule can be triggered. It is almost never used legitimately and should always be disabled on Internet facing systems or systems that may receive traffic from potentially hostile users or systems.
WAF_340361 - This rule disables the CONNECT method. Although for a different reason, the rules are very similar.