Difference between revisions of "WAF 340002"

From Atomicorp Wiki
 

Latest revision as of 18:15, 25 November 2009

Rule ID

340002

Alert Message

Atomicorp.com WAF Rules: TRACE/TRACK method denied

Description

TRACE and TRACK are valid HTTP methods used for low-level debugging of web applications: the server echoes the request it received back to the connecting system or user. TRACE and TRACK can be used to steal cookies or other website credentials.

False Positives

If you use these methods, this rule can be triggered. They are almost never used legitimately and should always be disabled on Internet-facing systems or systems that may receive traffic from potentially hostile users or systems.

Similar Rules

WAF_340361 - This rule disables the CONNECT method. Although for a different reason, the rules are very similar.
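
Before relying on this rule and WAF_340361, an access log can be audited to see whether TRACE, TRACK or CONNECT requests reach the server and whether any were answered successfully. The following is an added example, not part of the Atomicorp rule set; it assumes Apache combined log format, and the `audit` function, the `served` flag and the sample log lines are constructed for illustration.

```python
import re

# Methods mapped to the rule IDs named on this page.
RULE_FOR_METHOD = {"TRACE": "340002", "TRACK": "340002", "CONNECT": "340361"}

# Apache common/combined log prefix: host ident user [time] "request" status ...
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) '
)

def audit(lines):
    """Return (hits, unparsed). Each hit is a request one of the rules covers."""
    hits, unparsed = [], 0
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            unparsed += 1          # count, do not silently drop, odd lines
            continue
        parts = m.group("request").split()
        # Upper-casing is an audit choice: it also surfaces odd-case probes.
        method = parts[0].upper() if parts else ""
        rule = RULE_FOR_METHOD.get(method)
        if rule is None:
            continue               # e.g. GET /trace.html is not a TRACE request
        status = int(m.group("status"))
        hits.append({
            "host": m.group("host"),
            "method": method,
            "rule": rule,
            "status": status,
            # A 2xx answer means the server processed the method.
            "served": 200 <= status < 300,
        })
    return hits, unparsed

# Constructed sample input (documentation address ranges, not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [25/Nov/2009:18:15:02 +0000] "TRACE / HTTP/1.1" 200 152 "-" "curl/7.19"',
    '203.0.113.7 - - [25/Nov/2009:18:15:03 +0000] "TRACK /index.html HTTP/1.1" 403 210 "-" "-"',
    '198.51.100.4 - - [25/Nov/2009:18:16:40 +0000] "GET /trace.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [25/Nov/2009:18:17:11 +0000] "CONNECT mail.example.org:25 HTTP/1.0" 405 0 "-" "-"',
    '192.0.2.55 - - [25/Nov/2009:18:18:00 +0000] "trace / HTTP/1.1" 501 0 "-" "-"',
    'garbage line',
]

if __name__ == "__main__":
    found, skipped = audit(SAMPLE_LOG)
    for h in found:
        print(h["host"], h["method"], "rule", h["rule"], "served" if h["served"] else "refused")
    print("unparsed lines:", skipped)
```

Entries marked as served are the ones to look at first: the server answered the method with a 2xx status instead of refusing it.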

Outside References

http://www.cgisecurity.com/whitehat-mirror/WH-WhitePaper_XST_ebook.pdf
