WAF 390719

From Atomicorp Wiki
Revision as of 21:13, 19 September 2012 by Mshinn (Talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search
Rule 390719
Status Active
Alert Message Atomicorp.com WAF Rules: Attempt to access protected file remotely

Contents

[edit] Description

This rule detects when a protected file name is used in an HTTP header (other than the URL, Cookie or Referer headers). This rule specifically protects sensitive OS and application configuration files, such as webserver configuration files, operating system configuration files, password files, and command history files from disclosure.

[edit] Troubleshooting

[edit] False Positives

A false positive can occur when an application legitimately uses this information in an HTTP header. There are no known cases where this occurs.

It is not recommended that you disable this rule if you have a false positive. If you believe this is a false positive, please report this to our security team to determine if this is a legitimate case, or if its clever attack on your system. Instructions to report false positives are detailed on the Reporting False Positives wiki page. If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

[edit] Tuning Guidance

If you know that this behavior is acceptable for your application, you can either disable the rule for the domain, or you can disable it for the application. Please see the Tuning the Atomicorp WAF Rules page for basic information.

[edit] Additional Information

[edit] Similar Rules

WAF_390709

[edit] Knowledge Base Articles

None.

[edit] Outside References

None.

[edit] Notes

None.

Personal tools