Difference between revisions of "WAF 390707"

From Atomicorp Wiki
Line 1: Line 1:
'''Rule ID'''
+
{{Infobox
 +
|header1 = Rule 390707
 +
|label2 = Status
 +
|data2 = Active
 +
|label3 = Alert Message
 +
|data3 = Atomicorp.com WAF Rules: Too many arguments in request (max set to 1000, increase as necessary for your system)
 +
}}
  
390707
+
= Description =
 
+
'''Status'''
+
 
+
Active rule currently published.
+
 
+
'''Alert Message''' 
+
 
+
Atomicorp.com WAF Rules: Too many arguments in request (max set to 1000, increase as necessary for your system)
+
 
+
 
+
'''Description''' 
+
  
 
This rule simply detects if a single request has more that 1000 arguments.  This rule is designed to help protect your system from certain Denial of Service (DOS) attacks, such as the PHP Hash DOS attack.
 
This rule simply detects if a single request has more that 1000 arguments.  This rule is designed to help protect your system from certain Denial of Service (DOS) attacks, such as the PHP Hash DOS attack.
  
 +
= Troubleshooting =
  
'''False Positives'''
+
== False Positives ==
  
This rule has no known false positivesIf this rule is triggered, it means the request has more than 1000 arguments.  If this is too low of a value for your application, then either disable this rule for the domain or increase the limit by following the advice in '''Tuning Recommendations''' below.
+
This rule can not generate a false positiveThis rule simply sets a limit of 1000 arguments in a request.  If this limit is too low for you, then either disable this rule for the domain or increase the limit by following the advice in '''Tuning Recommendations''' below.
  
 
If you believe this is a true false positive, that is the request does not have 1000 arguments, please report this to our security team.  Instructions to report false positives are detailed on the [[Reporting False Positives]] wiki page.
 
If you believe this is a true false positive, that is the request does not have 1000 arguments, please report this to our security team.  Instructions to report false positives are detailed on the [[Reporting False Positives]] wiki page.
  
 +
Please do not report cases where the rule is working correctly.
  
'''Tuning Recommendations'''
+
==Tuning Recommendations==
  
 
If you wish to tune this rule yourself, please see the [[Tuning the Atomicorp WAF Rules]] page for basic information.  In the case of this rule, if you wished to increase the number of arguments do not modify the rule itself, ASL will overwrite updates to the rules if you tell it to update its rule.  Instead, follow the recommendations on the [[Tuning the Atomicorp WAF Rules]] page, disable this rule globally, and create a custom version of this rule for your system.
 
If you wish to tune this rule yourself, please see the [[Tuning the Atomicorp WAF Rules]] page for basic information.  In the case of this rule, if you wished to increase the number of arguments do not modify the rule itself, ASL will overwrite updates to the rules if you tell it to update its rule.  Instead, follow the recommendations on the [[Tuning the Atomicorp WAF Rules]] page, disable this rule globally, and create a custom version of this rule for your system.
  
 
If you do not wish to restrict the number of arguments in a request, just disable this rule.
 
If you do not wish to restrict the number of arguments in a request, just disable this rule.
 +
= Additional Information =
  
'''Similar Rules'''
+
== Similar Rules ==
  
 +
None.
  
'''Knowledge Base Articles'''
+
== Knowledge Base Articles==
  
 
None.
 
None.
  
'''Outside References'''
+
== Outside References ==
 +
 
 +
[http://www.exploit-db.com/exploits/18305/]
 +
 
 +
[http://arstechnica.com/business/2011/12/huge-portions-of-web-vulnerable-to-hashing-denial-of-service-attack/]
 +
 
 +
== Notes ==
 +
 
 +
None.
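Review bot: In the False Positives paragraph, the new sentence "This rule can not generate a false positive" conflicts with the unchanged paragraph right after it, which still explains how to report "a true false positive". Either keep the old "has no known false positives" wording or reword the follow-up paragraph so the two agree. In Outside References, the two links are bare bracketed URLs with no link text, so they render only as [1] and [2]; add a title after each URL. The unchanged Description line still reads "more that 1000 arguments" and could be corrected in the same edit.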

Revision as of 19:23, 3 May 2013

Rule 390707
Status: Active
Alert Message: Atomicorp.com WAF Rules: Too many arguments in request (max set to 1000, increase as necessary for your system)

Description

This rule detects when a single request has more than 1000 arguments. It is designed to help protect your system from certain Denial of Service (DoS) attacks, such as the PHP Hash DoS attack.

Troubleshooting

False Positives

This rule cannot generate a false positive. It simply sets a limit of 1000 arguments in a request. If this limit is too low for you, then either disable this rule for the domain or increase the limit by following the advice in Tuning Recommendations below.

If you believe this is a true false positive, that is, the request does not have 1000 arguments, please report this to our security team. Instructions for reporting false positives are detailed on the Reporting False Positives wiki page.

Please do not report cases where the rule is working correctly.

Tuning Recommendations

If you wish to tune this rule yourself, please see the Tuning the Atomicorp WAF Rules page for basic information. In the case of this rule, if you wish to increase the number of arguments, do not modify the rule itself: ASL will overwrite your changes to the rules when you tell it to update its rules. Instead, follow the recommendations on the Tuning the Atomicorp WAF Rules page, disable this rule globally, and create a custom version of this rule for your system.

If you do not wish to restrict the number of arguments in a request, just disable this rule.
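
One way to apply the tuning advice above, shown as an added example that is not Atomicorp's own rule or configuration. It assumes the rules run under ModSecurity 2.x on Apache and that this file is loaded after the Atomicorp rule files; the file name, the limit of 2000 and the rule ID 1000001 are constructed placeholder values.

```apache
# custom_arg_limit.conf (hypothetical file name), kept outside the vendor
# rule directory so that a rule update does not overwrite it.
# It must be included after the Atomicorp rule files: SecRuleRemoveById
# only removes rules that have already been loaded.

# Disable the stock 1000-argument rule globally.
SecRuleRemoveById 390707

# Replacement with a higher limit (2000 is a constructed value; size it
# to the largest legitimate form or API call your application sends).
# &ARGS is the count of all request arguments, query string and body
# combined, so the rule runs in phase 2, after the body has been parsed.
SecRule &ARGS "@gt 2000" \
    "id:1000001,phase:2,t:none,deny,status:403,log,\
    msg:'Custom: too many arguments in request (max set to 2000)'"
```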

Additional Information

Similar Rules

None.

Knowledge Base Articles

None.

Outside References

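[1] http://www.exploit-db.com/exploits/18305/

[2] http://arstechnica.com/business/2011/12/huge-portions-of-web-vulnerable-to-hashing-denial-of-service-attack/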

Notes

None.
