WAF 340012

From Atomicorp Wiki
Jump to: navigation, search

Rule ID

340012

Status

Active rule currently published.

Alert Message

Atomicorp.com WAF Rules: Unauthorized Proxy access attempt

Description

This rule detects any attempt to use the web server as a proxy. For example, if a client attempts to send a request similar to this:

POST http://www.example.com:25/ HTTP/1.0

This is an attempt to use the webserver to contect to an SMTP server. This method (and others) are used by hackers and spammers to carry out attacks and spamming activities through "marks" or systems that are vulnerable to proxying. This deflects the blame for the attack and spamming onto the system that is acting as a proxy.

This rule prevents unauthorized proxy attempts.

False Positives

There are no known false positives for this rule. If this rule is being triggered, a client is attempting to proxy a connection through the server.

Tuning Guidance

If you know that this behavior is acceptable for your application, you can tune it by following the Tuning the Atomicorp WAF Rules guidance.

Similar Rules

None.

Knowledge Base Articles

None.

Outside References

None.

Personal tools