Difference between revisions of "WAF 390702"
(Created page with "{{Infobox |header1= Rule 390702 |label2 = Status |data2 = Active |label3 = Alert Message |data3 = Atomicorp.com WAF Rules: Multiple/Conflicting Connection Header Data Found }}...") |
Revision as of 13:34, 13 May 2013
| Rule 390702 | |
|---|---|
| Status | Active |
| Alert Message | Atomicorp.com WAF Rules: Multiple/Conflicting Connection Header Data Found |
Contents |
Description
This rules detects when multiple or conflicting connection headers are found. For example:
Connection: keep-alive, keep-alive
Broken and/or malicous clients often have duplicate or conflicting headers, and many automated programs and malicious software often do not obey the HTTP RFC. This behavior is not normal or common for actual clients, and is extremely rare. If you see this rule being triggered you have either a malicious client connecting to your system, or a very broken application. In either case, we do not recommend you disable this rule as it will detect potentially unknown attacks associated with this condition.
Troubleshooting
False Positives
None.
Tuning Guidance
None. This rule detects invalid connections. If clients are connecting in this manner this is a bug on the client side, and the connection is invalid.
Additional Information
Similar Rules
None.
Knowledge Base Articles
None.
Outside References
None.
