WAF 397678

From Atomicorp Wiki
Revision as of 16:02, 7 September 2012 by Mshinn (Talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

Rule ID

397678

Status

Active rule currently published.

Alert Message


Atomicorp.com WAF Rules - Virtual Just In Time Patch: Attempt to access insecure BackupBuddy backup - disable this rule if you want to allow insecure downloads of BackupBuddy backups.

Description

This rule detects if someone attempts to access a Backbuddy backup. Backupbuddy does not authenticate access requests to backups, and attacks can access a backup by either guessing the backup files name, which uses a standard format, or accessing the backups directory (if the server is so configured to allow access).

False Positives

This rule blocks users from using BackupBuddy in an insecure manner. If you wish to allow your users to do this, disable this rule.

Tuning Guidance

If you you believe this is a false positive, please submit it to our support team. The process for submitting false positives is documented on the Reporting False Positives page.

Similar Rules

WAF_397679

Knowledge Base Articles

None.

Outside References

None.

Retrieved from "https://wiki.atomicorp.com/wiki/index.php?title=WAF_397678&oldid=2621"
Personal tools