WAF Rule ID 340362ο
Alert message: Atomicorp.com WAF Rules: ModSecurity does not support content encodings and can not detect attacks using it, therefore it must be blocked.
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 3
Severity: Emergency (HIDS: 14)
HTTP Protocol Phase: 1
HTTP Status: 501
Action: deny
Transforms:
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Inbound undefined compressed content (not be confused with compressed files or properly defined compressed content) is invisible to all Web Application Firewalls. Therefore they can not see or evaluate any traffic encoded in this manner. If an attack were to be encoded in this way the WAF would not catch it, therefore WAFs are configured to block this traffic.
This rule looks for this header:
Content-Encoding: Identity
If this header exists, the request is rejected because the WAF can not decode this kind of content. It is invisible to the WAF (because its compressed, but the method of compression is not defined, so the WAF has no idea how to uncompress it), and therefore an attack can simply bypass the WAF by compressing an attack.
Do not disable this rule.
Background
The use of this method is also consider invalid by the HTTP 1.1 RFC. This content-coding is used only in the Accept-Encoding header, and SHOULD NOT be used in the Content-Encoding header. This rule detects this RFC non-compliant compressed inbound content and blocks it correctly. The content is both invalid, and invisible to the WAF. The use of this method is extremely rare in practice, as properly designed client applications will not do this. If you have an application that performs in this manner the application is not in compliance with RFCs, is generating invalid encodings, is producing content the WAF will not be able to decompress (and which it will therefore block) and should be modified to be in compliance with the HTTP 1.1 RFC.
See the RFC in the references section below for technical details.
Troubleshooting:
False Positives:
None. If this rule triggers it means content encoded data, as explained above, is being sent to the server. If you allow this by disabling this rule you will open your system up to attacks that modsecurity can not detect or prevent.
Do not disable this rule.
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
http://www.w3.org/Protocols/rfc2616/rfc2616-sec3.html
WAF Rule ID 340002ο
Alert message: Atomicorp.com WAF Rules: TRACE/TRACK method denied
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 3
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 1
HTTP Status: 403
Action: deny
Transforms:
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
TRACE and TRACK are valid HTTP methods used to do low level debugging of web applications by echoing back input back to the connecting system or user. TRACE and TRACK can be used to steal cookies or other website credentials.
Troubleshooting:
False Positives:
If you use this method this rule can be triggered. It is almost never used legitimately and should always be disabled on Internet facing systems or systems that may receive traffic from potentially hostile users or systems.
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
http://www.w3.org/Protocols/rfc2616/rfc2616-sec3.html
WAF Rule ID 340361ο
Alert message: Atomicorp.com WAF Rules: CONNECT method denied
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 3
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 1
HTTP Status: 403
Action: deny
Transforms:
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
The CONNECT method can be used to connect to arbitrary services and can turn a web server into a proxy server. For example, this method can be used to connec to port 25 on a mail server, turning a web server into an open relay for spamming. Unless you have configured your system to be a proxy, and have setup appropriate access control it is recommended you leave this rule turned on.
Troubleshooting:
False Positives:
Can be triggered if the system is a proxy server.
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
http://www.w3.org/Protocols/rfc2616/rfc2616-sec3.html
WAF Rule ID 390616ο
Alert message: Atomicorp.com WAF Rules: POST request must have a Content-Length header
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 3
Severity: Emergency (HIDS: 14)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
This rule detects to see if a POST request has a Content-Length header. Per the RFC, a valid Content-Length is required on all HTTP POST requests.
Troubleshooting:
False Positives:
No known false positives. If you see this behavior it is caused by either a buggy, non-compliant application, or it may be part of an attack.
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
http://www.w3.org/Protocols/rfc2616/rfc2616-sec9.html#sec9.5
WAF Rule ID 390706ο
Alert message: Atomicorp.com WAF Rules: Expect Header Not Allowed for HTTP 1.0. This is an HTTP 1.1 feature.
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Emergency (HIDS: 14)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Expect Header Not Allowed for HTTP 1.0. This is an HTTP 1.1 feature.
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340012ο
Alert message: Atomicorp.com WAF Rules: Unauthorized Proxy access attempt
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 3
Severity: Emergency (HIDS: 14)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
This rule detects any attempt to use the web server as a proxy. For example, if a client attempts to send a request similar to this:
POST http://www.example.com:25/ HTTP/1.0
This is an attempt to use the webserver to contect to an SMTP server. This method (and others) are used by hackers and spammers to carry out attacks and spamming activities through βmarksβ or systems that are vulnerable to proxying. This deflects the blame for the attack and spamming onto the system that is acting as a proxy.
This rule prevents unauthorized proxy attempts.
Troubleshooting:
False Positives:
There are no known false positives for this rule. If this rule is being triggered, a client is attempting to proxy a connection through the server.
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
If you know that this behavior is acceptable for your application, you can tune it by following the Tuning the Atomicorp WAF Rules guidance.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 392301ο
Alert message: Atomicorp.com WAF Rules: Request Containing Content, but Missing Content-Type header
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 8
Severity: Emergency (HIDS: 14)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Options: No active Response
Transforms:
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
This rule detects when a request is made using an improper method. By default, if a request body is sent it must define its Content-Type so the backend application knows how to handle it. The WAF also needs to understand the Content-Type. he WAF works by inspecting content based on the βtypeβ defined by the request. This of this as a foreign language. The WAF needs to understand the type to be able to properly inspect its contents.
Attacks use this method to get past WAFs by not defining the Content-Type, so the WAF has to guess what its reading. The attacker relies on this and that the WAF will assume its reading one content type, when another content type is being used. This can be used to bypass the WAF entirely.
This rule prevents this method. Any application that causes this to occur should be fixed to define its Content-Type.
Troubleshooting:
False Positives:
A false positive can occur when an application legitimately does not set the Content-Type. However, this should never be allowed. All request bodies should define the Content-Type, and there is no reason for an application to not do this. We highly recommend you do not disable this rule, and rather fix the application.
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
If you know that this behavior is acceptable for your application, you can tune it by following the Tuning the Atomicorp WAF Rules guidance.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390707ο
Alert message: Atomicorp.com WAF Rules: Too many arguments in request (max set to 4096, increase as necessary for your system)
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: β9β
Severity: Emergency (HIDS: 14)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
This rule simply detects if a single request has more that 1000 arguments. This rule is designed to help protect your system from certain Denial of Service (DOS) attacks, such as the PHP Hash DOS attack.
Troubleshooting:
False Positives:
This rule can not generate a false positive. This rule simply sets a limit of 1000 arguments in a request. If this limit is too low for you, then either disable this rule for the domain or increase the limit by following the advice in Tuning Recommendations below.
If you believe this is a true false positive, that is the request does not have 1000 arguments, please report this to our security team.
Please do not report cases where the rule is working correctly.
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
If you do not wish to restrict the number of arguments in a request, just disable this rule.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
https://www.exploit-db.com/exploits/18305
https://arstechnica.com/information-technology/2011/12/huge-portions-of-web-vulnerable-to-hashing-denial-of-service-attack/
WAF Rule ID 330707ο
Alert message: Atomicorp.com WAF Rules: Too many cookies in request (max set to 1000, increase as necessary for your system)
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 2
Severity: Emergency (HIDS: 14)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Too many cookies in request (max set to 1000, increase as necessary for your system)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 330708ο
Alert message: Atomicorp.com WAF Rules: Possible CSRF attack
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 2
Severity: Emergency (HIDS: 14)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Possible CSRF attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390626ο
Alert message: Atomicorp.com WAF Rules: Null Byte Attack Blocked (Null byte character in Argument Name)
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 23
Severity: Emergency (HIDS: 14)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Null Byte Attack Blocked (Null byte character in Argument Name)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 395614ο
Alert message: Atomicorp.com WAF Rules: Spammer attempting to defeat recapatcha
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Emergency (HIDS: 14)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Spammer attempting to defeat recapatcha
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390614ο
Alert message: Atomicorp.com WAF Rules: Null Byte Attack Blocked (Invalid character in ARGS)
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 23
Severity: Emergency (HIDS: 14)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
This rules detects NULL characters in unusual arguments. NULL characters are often used by attackers to try an bypass intrusion detection systems, as there have been vulnerabilities in IDSβ (including modsecurity) that have allowed attackers to bypass IDS systems. WAFs will commonly ignore everything after the null but pass the entire string to web server where it is processed. The Rules will detect the use of NULL characters and will block them.
Example attackβ
GET /index.php?option=com_shoutbox&controller=../../../../../../../../../../../../../../../proc/self/environ%00 HTTP/1.1
The last character in this request is a null, which is invalid and is part of an actual attack on the system. The above example is an attacker attempting to access the Linux /proc file system via a recursion attack, with an added NULL character at the end to attempt to evade the IDS system.
Troubleshooting:
False Positives:
The rule contains logic to detect cases where the use of NULL characters is non-malicious. In some cases, an application may do this in a new way that logic can not detect.
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
Outside References:
None.
WAF Rule ID 390613ο
Alert message: Atomicorp.com WAF Rules: Null Byte Attack Blocked (Invalid character in request or headers)
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 10
Severity: Emergency (HIDS: 14)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
This rules detects NULL characters in the request URL or in a header for the request. NULL characters are often used by attackers to try an bypass intrusion detection systems, as there have been vulnerabilities in IDSβ (including modsecurity) that have allowed attackers to bypass IDS systems. The Rules will detect the use of NULL characters and will block them.
Example attackβ
GET /index.php?option=com_shoutbox&controller=../../../../../../../../../../../../../../../proc/self/environ%00 HTTP/1.1
The last character in this request is a null, which is invalid and is part of an actual attack on the system. The above example is an attacker attempting to access the Linux /proc file system via a recursion attack, with an added NULL character at the end to attempt to evade the IDS system.
Troubleshooting:
False Positives:
This can be triggered if an application legitimately uses a NULL as a value for a Header. This has only been seen used for some Cookies, and should never be seen for URLs, File Names or Header Names.
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
Outside References:
None.
WAF Rule ID 390618ο
Alert message: Atomicorp.com WAF Rules: Content-Length HTTP header is not numeric
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Emergency (HIDS: 14)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Content-Length HTTP header is not numeric
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390712ο
Alert message: Atomicorp.com WAF Rules: Attack Blocked - HTTP Response Splitting Attack
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 5
Severity: Emergency (HIDS: 14)
HTTP Protocol Phase: 2
HTTP Status: 400
Action: deny
Transforms:
compressWhitespace
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
This rule detects possible HTTP response splitting attacks. These types of attacks work by making the server print a carriage return (CR, ASCII 0x0D) line feed (LF, ASCII 0x0A) sequence followed by content supplied by the attacker in the header section of its response, typically by including them in input fields sent to the application. Per the HTTP standard (RFC 2616), headers are separated by one CRLF and the responseβs headers are separated from its body by two. Therefore, the failure to remove CRs and LFs allows the attacker to set arbitrary headers, take control of the body, or break the response into two or more separate responsesβhence the name.
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 344360ο
Alert message: Atomicorp.com WAF Rules: Unauthorized Operating System File Access Attempt
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 4
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
normalisePath
urlDecodeUni
Log Types:
Basic Information (log)
Description:
Atomicorp.com WAF Rules: Unauthorized Operating System File Access Attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 347009ο
Alert message: Atomicorp.com WAF Rules: Protected File access denied
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 1
HTTP Status: 403
Action: deny
Transforms:
cmdLine
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Protected File access denied
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 347017ο
Alert message: Atomicorp.com WAF Rules: Invalid Generic Path Recursion denied in URI/ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Invalid Generic Path Recursion denied in URI/ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 347016ο
Alert message: Atomicorp.com WAF Rules: Invalid Generic Path Recursion denied in URI/ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Invalid Generic Path Recursion denied in URI/ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 347008ο
Alert message: Atomicorp.com WAF Rules: Suspicious deep path recursion denied
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 16
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
cmdLine
removeNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Suspicious deep path recursion denied
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 347019ο
Alert message: Atomicorp.com WAF Rules: Suspicious path recursion denied
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 15
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 1
HTTP Status: 403
Action: deny
Transforms:
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Suspicious path recursion denied
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 347028ο
Alert message: Atomicorp.com WAF Rules: Suspicious deep path recursion denied (base64 encoded)
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
cmdLine
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Suspicious deep path recursion denied (base64 encoded)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340008ο
Alert message: Atomicorp.com WAF Rules: Bogus Path denied
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 9
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
cmdLine
removeNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
This rule is detecting the use of a bogus path. An example of a bogus path would be:
/β¦/some_file There is no such valid path in any operating system. ββ¦β is an invalid directory. This would be an indication of a possible attempt to access hidden content on the system, or to create a hidden directory.
Troubleshooting:
False Positives:
There are no known valid conditions in which this can occur.
If you believe this to be a a false positive, please report this to our security team to determine if this is a legitimate case, or if its clever attack on your system. Instructions to report false positives are detailed on the Reporting False Positives wiki page.
If you wish to tune this rule yourself, please see the Tuning the Atomicorp WAF Rules page for basic information.
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
There are no known valid conditions in which this can occur, therefore it is not recommended that you tune the system to allow this.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
Outside References:
None.
WAF Rule ID 340218ο
Alert message: Atomicorp.com WAF Rules: Bogus Path denied (base64 encoded)
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 3
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
cmdLine
removeNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Bogus Path denied (base64 encoded)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340142ο
Alert message: Atomicorp.com WAF Rules: Special account protection
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 5
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
cmdLine
normalisePath
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Special account protection
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340009ο
Alert message: Atomicorp.com WAF Rules: Protected Path Access denied in URI/ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 68
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
cmdLine
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Description:
This rule detects if a protected path is accessed by a web request. A protected path includes key parts of the operating system, such as c:/windows, /bin, /lib, /dev, /proc and other important parts of the OS.
Troubleshooting:
False Positives:
If a web application needs to access these parts of the OS this rule can be triggered. Check to ensure that your application actually needs to access this part of the OS and that this is not an attack. It is not recommended you disable this rule, but rather that you report it as a false positive so we can put out an update for your application.
Instructions to report false positives are detailed on the Reporting False Positives wiki page.
If you wish to tune this rule yourself, please see the Tuning the Atomicorp WAF Rules page for basic information.
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
Outside References:
None.
WAF Rule ID 340007ο
Alert message: Atomicorp.com WAF Rules: Generic Path Recursion denied
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 48
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
This rule is detecting the use of path recursion in an Argument or in the URI. This rule attempts to detect encoded recursions, an example of a recursion attack may look like:
../..
An example attack could be to get to a protected file on the system. For example:
../../../../../etc/passwd
Troubleshooting:
False Positives:
Some applications may use recursions to get some files. Therefore a false positive can occur. It is not recommended that you disable this rule. If this is a false positive, please report this to our security team can determine if this is a legitimate case, or if its clever attack on your system. Instructions to report false positives are detailed on the Reporting False Positives wiki page.
If you wish to tune this rule yourself, please see the Tuning the Atomicorp WAF Rules page for basic information.
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
If you know that this behavior is acceptable for your application, you can tune it by identifying the argument that is being triggered, and specifically allowing that argument for that application to allow recursions.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
Outside References:
None.
WAF Rule ID 390709ο
Alert message: Atomicorp.com WAF Rules: Attempt to access protected file remotely
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 30
Severity: Emergency (HIDS: 14)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
cmdLine
htmlEntityDecode
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
This rule detects when a protected file is accessed remotely. This rule specifically protects sensitive OS and application configuration files, such as webserver configuration files, operating system configuration files, password files, and command history files.
Troubleshooting:
False Positives:
A false positive can occur when an application legitimately requires access to these files. The rules contain a large library of known web applications and safe methods for access these highly sensitive files, and can detect known safe methods and ignore them. However it is possible for a new or custom application to do this in an unknown manner and incorrectly trigger this rule.
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
If you know that this behavior is acceptable for your application, you can tune it by identifying the argument that is being triggered, and specifically allowing that argument for that application to allow recursions.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
Outside References:
None.
WAF Rule ID 390719ο
Alert message: Atomicorp.com WAF Rules: Attempt to access protected file remotely
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 6
Severity: Emergency (HIDS: 14)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
cmdLine
compressWhitespace
htmlEntityDecode
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
This rule detects when a protected file name is used in an HTTP header (other than the URL, Cookie or Referer headers). This rule specifically protects sensitive OS and application configuration files, such as webserver configuration files, operating system configuration files, password files, and command history files from disclosure.
Troubleshooting:
False Positives:
A false positive can occur when an application legitimately uses this information in an HTTP header. There are no known cases where this occurs.
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
If you know that this behavior is acceptable for your application, you can either disable the rule for the domain, or you can disable it for the application.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
Outside References:
None.
WAF Rule ID 344367ο
Alert message: Atomicorp.com WAF Rules: SQL Injection Attack
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 4
Severity: Emergency (HIDS: 14)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules: SQL Injection Attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 344378ο
Alert message: Atomicorp.com WAF Rules: GraphQL Injection Attack attempt
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 2
Severity: Emergency (HIDS: 14)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
removeComments
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules: GraphQL Injection Attack attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340155ο
Alert message: Atomicorp.com WAF Rules: Generic SQL Injection protection
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 25
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
replaceComments
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
This rule detects SQL injection attacks. If this rule is being triggered, this means that someone has attempted to inject a SQL statement into an application.
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 380023ο
Alert message: Atomicorp.com WAF Rules: Generic SQL Injection protection
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 8
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
compressWhitespace
replaceComments
replaceNulls
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Generic SQL Injection protection
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 380024ο
Alert message: Atomicorp.com WAF Rules: Generic SQL Injection protection
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 5
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
hexDecode
replaceComments
replaceNulls
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Generic SQL Injection protection
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 380123ο
Alert message: Atomicorp.com WAF Rules: SQL injection
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 5
Severity: Emergency (HIDS: 14)
HTTP Protocol Phase: 1
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceComments
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: SQL injection
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 380122ο
Alert message: Atomicorp.com WAF Rules: MySQL and PostgreSQL stored procedure/function injections
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 5
Severity: Emergency (HIDS: 14)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceComments
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
This rule detects when either database store procedure or function content is detected in a POST from a client to the server. In most cases this indicates that the server is being attacked.
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 380025ο
Alert message: Atomicorp.com WAF Rules: SQL injection with PHP/PERL payload
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 8
Severity: Emergency (HIDS: 14)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceComments
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: SQL injection with PHP/PERL payload
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340013ο
Alert message: Atomicorp.com WAF Rules: Generic SQL injection in cookie or UA
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 4
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceComments
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Generic SQL injection in cookie or UA
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340016ο
Alert message: Atomicorp.com WAF Rules: Attack Blocked - SQL injection attempt detected
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 48
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
removeComments
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
This rule detects SQL content. It is tuned to try and ignore this in cases where this may be normal (SQL application for example). An example attack could be to get dump user passwords from a database:
union select from usernames
Troubleshooting:
False Positives:
Some applications use SQL in their arguments in ways that we may not have seen before, and therefore we have not tuned the rules to ignore this legitimate behavior. Some applications are vulnerable to SQL injection attacks and this may be an actual attack, and in some very bad cases an application may use raw SQL in an unprotected argument to function properly. Therefore a false positive can occur, and we recommend that you not disable this rule.
Instead, we recommend that you report this to use as a false positive. Our security team can determine if this is a legitimate case for you, or if its clever attack on your system and we will put out an update to the rules to make sure your application can function and that you are not opening your system to further attack. Instructions to report false positives are detailed on the Reporting False Positives wiki page.
If you wish to tune this rule yourself, please see the Tuning the Atomicorp WAF Rules page for basic information.
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
If you know that this behavior is acceptable for your application, you can tune it by identifying the argument that is being triggered, and specifically allowing that argument for that application to SQL.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
Outside References:
None.
WAF Rule ID 340017ο
Alert message: Atomicorp.com WAF Rules: Generic SQL injection protection in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 49
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceComments
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
This rule detects SQL content. It is tuned to try and ignore this in cases where this may be normal (SQL application for example). An example attack could be to get dump user passwords from a database:
union select from usernames
Troubleshooting:
False Positives:
Some applications use SQL in their arguments in ways that we may not have seen before, and therefore we have not tuned the rules to ignore this legitimate behavior. Some applications are vulnerable to SQL injection attacks and this may be an actual attack, and in some very bad cases an application may use raw SQL in an unprotected argument to function properly. Therefore a false positive can occur, and we recommend that you not disable this rule.
Instead, we recommend that you report this to use as a false positive. Our security team can determine if this is a legitimate case for you, or if its clever attack on your system and we will put out an update to the rules to make sure your application can function and that you are not opening your system to further attack. Instructions to report false positives are detailed on the Reporting False Positives wiki page.
If you wish to tune this rule yourself, please see the Tuning the Atomicorp WAF Rules page for basic information.
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
If you know that this behavior is acceptable for your application, you can tune it by identifying the argument that is being triggered, and specifically allowing that argument for that application to SQL.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
Outside References:
None.
WAF Rule ID 340144ο
Alert message: Atomicorp.com WAF Rules: Generic SQL injection protection 2
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 38
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Generic SQL injection protection 2
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340145ο
Alert message: Atomicorp.com WAF Rules: Attack Blocked - SQL injection probe
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 43
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceComments
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Attack Blocked - SQL injection probe
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390572ο
Alert message: Atomicorp.com WAF Rules: Attack Blocked - SQL injection probe
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 22
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceComments
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Attack Blocked - SQL injection probe
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340146ο
Alert message: Atomicorp.com WAF Rules: Generic SQL metacharacter URI injection protection
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 8
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceComments
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Generic SQL metacharacter URI injection protection
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 381025ο
Alert message: Atomicorp.com WAF Rules: SQL injection with payload - base64 encoded
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 4
Severity: Emergency (HIDS: 14)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
compressWhitespace
lowercase
replaceComments
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: SQL injection with payload - base64 encoded
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 381026ο
Alert message: Atomicorp.com WAF Rules: SQL injection with PHP/PERL payload - hex encoded
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 3
Severity: Emergency (HIDS: 14)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
hexDecode
lowercase
replaceComments
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: SQL injection with PHP/PERL payload - hex encoded
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340159ο
Alert message: Atomicorp.com WAF Rules: Generic SQL inline command protection (MM)
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 39
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
compressWhitespace
hexDecode
lowercase
replaceComments
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
This rule detects SQL content. It is tuned to try and ignore this in cases where this may be normal (SQL application for example). An example attack could be to get dump user passwords from a database:
union select from usernames
Troubleshooting:
False Positives:
Some applications use SQL in their arguments in ways that we may not have seen before, and therefore we have not tuned the rules to ignore this legitimate behavior. Some applications are vulnerable to SQL injection attacks and this may be an actual attack, and in some very bad cases an application may use raw SQL in an unprotected argument to function properly. Therefore a false positive can occur, and we recommend that you not disable this rule.
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
If you know that this behavior is acceptable for your application, you can tune it by identifying the argument that is being triggered, and specifically allowing that argument for that application to SQL.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
Outside References:
None.
WAF Rule ID 340164ο
Alert message: Atomicorp.com WAF Rules: SQL Injection Attack
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 11
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceComments
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: SQL Injection Attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340156ο
Alert message: Atomicorp.com WAF Rules: Generic SQL injection protection
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 14
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
htmlEntityDecode
lowercase
replaceComments
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Generic SQL injection protection
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340157ο
Alert message: Atomicorp.com WAF Rules: Generic SQL inline command protection
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 38
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
htmlEntityDecode
lowercase
replaceComments
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
This rule detects when SQL code is sent from the client to the server via either an untrusted argument, or application. This is likely an attack against the system.
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340181ο
Alert message: Atomicorp.com WAF Rules: Generic SQL inline command protection
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
htmlEntityDecode
lowercase
replaceComments
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Generic SQL inline command protection
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 393655ο
Alert message: Atomicorp.com WAF Rules: Possible Remote Command Execution: Unix Shell Expression Found
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 11
Severity: Emergency (HIDS: 14)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
cmdLine
urlDecodeUni
Log Types:
Basic Information (log)
Description:
Atomicorp.com WAF Rules: Possible Remote Command Execution: Unix Shell Expression Found
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 393654ο
Alert message: Atomicorp.com WAF Rules - command injection in URL|ARGS blocked
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 1
HTTP Status: 403
Action: deny
Transforms:
cmdLine
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - command injection in URL|ARGS blocked
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 393653ο
Alert message: Atomicorp.com WAF Rules - command injection in URL blocked
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
cmdLine
compressWhitespace
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules - command injection in URL blocked
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340014ο
Alert message: Atomicorp.com WAF Rules: CMD injection
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 19
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
cmdLine
normalisePath
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
This rule detects when a client attempts to access a command line tool on the server via the web server. This means the client either tried to access or find the tool on the system. This can indicate that an attacker is attempting to run commands on the server.
Troubleshooting:
False Positives:
If you believe this is a false positive, please report this to our security team to determine if this is a legitimate case, or if its clever attack on your system. Do not disable this rule.
Instructions to report false positives are detailed on the Reporting False Positives wiki page. If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340193ο
Alert message: Atomicorp.com WAF Rules: CMD injection in URI
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 17
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
cmdLine
normalisePath
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: CMD injection in URI
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340029ο
Alert message: Atomicorp.com WAF Rules: Attack Blocked - command in REQUEST_URI or Argument
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 38
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
cmdLine
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
This rule detects when a Linux command is used in a URL or an argument. It specifically looks for these types of commands:
process management tools (kill, nice, etc.) file management tools (cp, chown, rm, etc.) shells (bash, tcsh, etc.) compilers (gcc, c++, etc.) web downloading tools (wget, curl, etc.) interpreters (perl, php, etc.) other downloading tools (scp, ftp, etc.)
Some attack tools are known to blindly look for software tools and to see if it can use them. Therefore, the fact that this rule is triggered does not mean that the software tool is installed on the system.
If your system is being targeted with these kinds of attacks we do not recommend you disable this rule. This rule may be telling you that someone is attacking your system, and therefore you should block this source.
Troubleshooting:
False Positives:
A false positive could occur if an application either safely allows the use of these tools, or if the data is used in a non-command context such as in a document. The rule contains a large number of known safe applications that may either use these tools securely, or may allow this data in non-command mode. If you have confirmed that your application is safely using these commands, or this data in a non-command format, please let us know what the application is, how you confirmed this so we can duplicate this in our test environment, and report the issue as a False Positive.
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
If you want to disable this rule, please see the Tuning the Atomicorp WAF Rules page for basic information.
WAF Rule ID 340030ο
Alert message: Atomicorp.com WAF Rules: Pipe command line probe
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Pipe command line probe
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340082ο
Alert message: Atomicorp.com WAF Rules: SMTP redirect over http attempt
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 3
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: SMTP redirect over http attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 380027ο
Alert message: Atomicorp.com WAF Rules: Code injection
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 2
Severity: Emergency (HIDS: 14)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
removeWhitespace
removeComments
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Code injection
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 380028ο
Alert message: Atomicorp.com WAF Rules: Code injection
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Emergency (HIDS: 14)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
removeWhitespace
removeComments
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Code injection
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 344377ο
Alert message: Atomicorp.com WAF Rules: Code injection
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Emergency (HIDS: 14)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
removeWhitespace
removeComments
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Code injection
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 344376ο
Alert message: Atomicorp.com WAF Rules: Code injection
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Emergency (HIDS: 14)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
removeComments
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Code injection
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340019ο
Alert message: Atomicorp.com WAF Rules: Generic PHP bad functions protection
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Generic PHP bad functions protection
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340162ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection Attack detected (Unauthorized URL detected as argument)
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 307
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
This rule detects possible Remote File Injection attempts. These types of attacks work by tricking an application into download software into itself, which will allow the attacker to download any software they want unto the victims systems, thereby compromising it.
This rule works by detecting the use of a URL as an argument.
Troubleshooting:
False Positives:
A false positive can occur when an application legitimately sets an argument to a URL, and does this using a previously unknown argument or method to store this URL. The rules contain a large library of known web applications and safe methods for using URLs, and can detect known safe methods and ignore them. However it is possible for a new or custom application to do this in an unknown manner and incorrectly trigger this rule.
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
If you know that this behavior is acceptable for your application, you can tune it by identifying the argument that is being triggered, and specifically allowing that argument for that application to allow a URL. Please see the Tuning the Atomicorp WAF Rules page for basic information.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
Outside References:
None.
WAF Rule ID 340165ο
Alert message: Atomicorp.com WAF Rules: Uniencoded possible Remote File Injection attempt in URI (AE)
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 292
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
This rule detects Remote File Injection attempts. These types of attacks work by tricking an application into download software into itself, which will allow the attacker to download any software they want unto the victims systems, thereby compromising it.
This rules work by detecting the use of a URL as an argument in the URL, for example:
GET /foo.php?foo=http://www.example.com
It will also try to determine if this is a local request, and if it is the local request will be allowed.
Troubleshooting:
False Positives:
A false positive can occur when an application legitimately sets an argument to a URL, and does this using a previously unknown argument or method to store this URL. The rules contain a large library of known web applications and safe methods for using URLs, and can detect known safe methods and ignore them. However it is possible for a new or custom application to do this in an unknown manner and incorrectly trigger this rule.
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
If you know that this behavior is acceptable for your application, you can tune it by identifying the argument that is being triggered, and specifically allowing that argument for that application to allow a URL.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
Outside References:
None.
WAF Rule ID 340855ο
Alert message: Atomicorp.com WAF Rules: Include Remote File Injection attempt in argument
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 9
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceComments
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Include Remote File Injection attempt in argument
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340031ο
Alert message: Atomicorp.com WAF Rules: Remote file inclusion
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 4
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote file inclusion
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340163ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection Attack Blocked (Unauthorized URL detected as argument)
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 307
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
hexDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
This rule detects Remote File Injection attempts that are encoded. These types of attacks work by tricking an application into download software into itself, which will allow the attacker to download any software they want unto the victims systems, thereby compromising it.
This rules work by detecting the use of a URL as an argument, and tries to detect encoding methods that may used to hide this.
Troubleshooting:
False Positives:
A false positive can occur when an application legitimately sets an argument to a URL, and does this using a previously unknown argument or method to store this URL. The rules contain a large library of known web applications and safe methods for using URLs, and can detect known safe methods and ignore them. However it is possible for a new or custom application to do this in an unknown manner and incorrectly trigger this rule. Some applications may also legitimately use encoding methods.
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
Outside References:
None.
WAF Rule ID 340023ο
Alert message: Atomicorp.com WAF Rules: Attack Blocked - remote command execution
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 7
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
cmdLine
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Attack Blocked - remote command execution
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 380026ο
Alert message: Atomicorp.com WAF Rules: PHP payload detected
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 11
Severity: Emergency (HIDS: 14)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
removeComments
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: PHP payload detected
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340117ο
Alert message: Atomicorp.com WAF Rules: General [url] php forum protections
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: General [url] php forum protections
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340039ο
Alert message: Atomicorp.com WAF Rules: PHP command injection attempt
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: PHP command injection attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340035ο
Alert message: Atomicorp.com WAF Rules: Bogus file extensions
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 5
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
This rule detects βbogusβ file extensions, that is file extensions that should not be valid. For example, a file named βshell.php.wmvβ. This method is used by attackers to try to bypass upload managers that try to enforce valid files by looking at file extensions, and deny certain types of files.
Troubleshooting:
False Positives:
A false positive can occur when a file or application is legitimately named in this non-standard fashion. We recommend that you follow a standard naming convention, as most upload managers will also follow these conventions and allowing non-standard files may allow an attacker to bypass the file type checks in some web applications.
The rules also contain a large library of known web applications and safe methods that use non standard naming conventions, and can detect known safe methods and ignore them. However it is possible for a new or custom application to do this in an unknown manner and incorrectly trigger this rule.
It is not recommended that you disable this rule if you have a false positive. If you believe this is a false positive, please report this to our security team to determine if this is a legitimate case, or if its clever attack on your system.
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules page.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 341137ο
Alert message: Atomicorp.com WAF Rules: Potentially Bogus PHP file
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Potentially Bogus PHP file
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340069ο
Alert message: Atomicorp.com WAF Rules: Web vulnerability scanner
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 4
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
This rule is triggered when known vulnerability scanner actions are detected. This looks for events that vulnerability scanners do on purpose to identify themselves to the system they are testing.
Troubleshooting:
False Positives:
There are no known false positives with this rule. The rule looks for the known actions that vulnerability scanners take to specifically identify that they are testing the system, and that do this on purpose so that the operators of the system know that they are being scanned. This is a bit akin to asking the police to check your home for security issues, and upon arriving the police ring your doorbell and tell you they will be starting the assessment. Some vulnerability scanners βannounceβ themselves, and that is what this rule looks for.
False positives with this rule are essentially unheard of.
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
Please see the Tuning the Atomicorp WAF Rules page for more information.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340076ο
Alert message: Atomicorp.com WAF Rules: PHP Session attack
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: PHP Session attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340079ο
Alert message: Atomicorp.com WAF Rules: PHP policy violation
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 10
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: PHP policy violation
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340114ο
Alert message: Atomicorp.com WAF Rules: Apache admin service access attempt
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Apache admin service access attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340116ο
Alert message: Atomicorp.com WAF Rules: Common HTTP vulnerability
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Common HTTP vulnerability
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340097ο
Alert message: Atomicorp.com WAF Rules: Tomcat view source attempt
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Tomcat view source attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340195ο
Alert message: Atomicorp.com WAF Rules: Attack Blocked - Base64 Encoded PHP function in Argument - this may be an attack.
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 4
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
compressWhitespace
lowercase
replaceNulls
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
This rule detects when base64 encoded PHP code is found in an untrusted argument in a POST request from a client. This means that the client is sending base64 encoded PHP code to your server. If this is not a trusted user using a trusted web application, this is an attack on your system.
Troubleshooting:
False Positives:
If you believe this is a false positive, please report this to our security team to determine if this is a legitimate case, or if its clever attack on your system. Do not disable this rule.
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340095ο
Alert message: Atomicorp.com WAF Rules: Attack Blocked - PHP function in Argument - this may be an attack.
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 54
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
removeWhitespace
removeComments
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Attack Blocked - PHP function in Argument - this may be an attack.
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340087ο
Alert message: Atomicorp.com WAF Rules: Attack Blocked - PHP function in URL - this may be an attack.
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
removeWhitespace
removeComments
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Attack Blocked - PHP function in URL - this may be an attack.
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340077ο
Alert message: Atomicorp.com WAF Rules: PHP policy violation
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 5
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
removeWhitespace
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: PHP policy violation
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340096ο
Alert message: Atomicorp.com WAF Rules: PHP policy violation
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: PHP policy violation
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340128ο
Alert message: Atomicorp.com WAF Rules: Remote PHP command exection
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 25
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
removeComments
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote PHP command exection
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340133ο
Alert message: Atomicorp.com WAF Rules: HTTP header PHP code injection attack
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 5
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: HTTP header PHP code injection attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340011ο
Alert message: Atomicorp.com WAF Rules: Generic PHP exploit pattern denied
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 11
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Generic PHP exploit pattern denied
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390715ο
Alert message: Atomicorp.com WAF Rules: PHP Injection Attack
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 15
Severity: Emergency (HIDS: 14)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
htmlEntityDecode
lowercase
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: PHP Injection Attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 380018ο
Alert message: Atomicorp.com WAF Rules: Potentially malicious PHP code injection attempt
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 25
Severity: Emergency (HIDS: 14)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
htmlEntityDecode
lowercase
replaceComments
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Potentially malicious PHP code injection attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 380019ο
Alert message: Atomicorp.com WAF Rules: Potentially malicious PHP code injection attempt - base64 encoded
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 8
Severity: Emergency (HIDS: 14)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
compressWhitespace
lowercase
replaceComments
replaceNulls
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Potentially malicious PHP code injection attempt - base64 encoded
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 380020ο
Alert message: Atomicorp.com WAF Rules: Potentially malicious PHP code injection attempt - hex encoded
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 10
Severity: Emergency (HIDS: 14)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
hexDecode
lowercase
replaceComments
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Potentially malicious PHP code injection attempt - hex encoded
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340118ο
Alert message: Atomicorp.com WAF Rules: Generic XML-RPC attack
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 8
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Generic XML-RPC attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390636ο
Alert message: Atomicorp.com WAF Rules: XMLRPC SQL injection attack
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceComments
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: XMLRPC SQL injection attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340121ο
Alert message: Atomicorp.com WAF Rules: XML-RPC attacks on xmlrpc.php
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 6
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceComments
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: XML-RPC attacks on xmlrpc.php
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340122ο
Alert message: Atomicorp.com WAF Rules: XML-RPC SQL injection
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 7
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceComments
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: XML-RPC SQL injection
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390635ο
Alert message: Atomicorp.com WAF Rules: XMLRPC encoded command injection attack
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: XMLRPC encoded command injection attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 393635ο
Alert message: Atomicorp.com WAF Rules: XMLRPC base64 encoded command injection attack
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
compressWhitespace
lowercase
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: XMLRPC base64 encoded command injection attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340123ο
Alert message: Atomicorp.com WAF Rules: XML-RPC base64 encoded SQL injection
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 7
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
compressWhitespace
lowercase
replaceComments
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: XML-RPC base64 encoded SQL injection
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340120ο
Alert message: Atomicorp.com WAF Rules: Generic XML-RPC attack
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 5
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
compressWhitespace
lowercase
replaceComments
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Generic XML-RPC attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 393636ο
Alert message: Atomicorp.com WAF Rules: XMLRPC base64 encoded SQL injection attack
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
compressWhitespace
lowercase
replaceComments
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: XMLRPC base64 encoded SQL injection attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340134ο
Alert message: Atomicorp.com WAF Rules: Worm signature
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Worm signature
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340138ο
Alert message: Atomicorp.com WAF Rules: Fake image file shell attack
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 4
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
This rule detects non image content on an image file. This method is sometimes used to hide shells and other unauthorized files as image files.
Troubleshooting:
False Positives:
There are no known false positives for this rule. It is not recommended that you disable this rule if you have a false positive. If you believe this is a false positive, please report this to our security team to determine if this is a legitimate case, or if its clever attack on your system.
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules page.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
Outside References:
None.
WAF Rule ID 340140ο
Alert message: Atomicorp.com WAF Rules: Bogus graphics file
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 5
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
This rule detects non image content on an image file. This method is sometimes used to hide shells and other unauthorized files as image files.
Troubleshooting:
False Positives:
There are no known false positives for this rule. It is not recommended that you disable this rule if you have a false positive. If you believe this is a false positive, please report this to our security team to determine if this is a legitimate case, or if its clever attack on your system.
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules page.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
Outside References:
None.
WAF Rule ID 340141ο
Alert message: Atomicorp.com WAF Rules: Attack Blocked - upload attack - Attempt to upload a non-graphics file as a graphics file blocked
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Attack Blocked - upload attack - Attempt to upload a non-graphics file as a graphics file blocked
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 347198ο
Alert message: Atomicorp.com WAF Rules: Vulnerability scanner attempting cross site scripting attempt
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 6
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 1
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Vulnerability scanner attempting cross site scripting attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 347197ο
Alert message: Atomicorp.com WAF Rules: cross site scripting attempt
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 6
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 1
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: cross site scripting attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 333140ο
Alert message: Atomicorp.com WAF Rules: JavaScript global variable found
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 11
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
removeComments
urlDecodeUni
Log Types:
Basic Information (log)
Description:
Atomicorp.com WAF Rules: JavaScript global variable found
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 333141ο
Alert message: Atomicorp.com WAF Rules: Potential XSS Attack detected
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 16
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
cssDecode
htmlEntityDecode
jsDecode
removeNulls
urlDecodeUni
Log Types:
Basic Information (log)
Description:
Atomicorp.com WAF Rules: Potential XSS Attack detected
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 347099ο
Alert message: Atomicorp.com WAF Rules: Vulnerability scanner attempting cross site scripting attempt
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 6
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
cssDecode
htmlEntityDecode
jsDecode
lowercase
removeNulls
removeWhitespace
removeComments
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Vulnerability scanner attempting cross site scripting attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 347199ο
Alert message: Atomicorp.com WAF Rules: Vulnerability scanner attempting cross site scripting attempt
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 6
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
cssDecode
htmlEntityDecode
jsDecode
lowercase
removeWhitespace
removeComments
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Vulnerability scanner attempting cross site scripting attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340099ο
Alert message: Atomicorp.com WAF Rules: cross site scripting attempt
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 4
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
cssDecode
htmlEntityDecode
jsDecode
lowercase
removeNulls
removeComments
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: cross site scripting attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 341099ο
Alert message: Atomicorp.com WAF Rules: cross site scripting attempt
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 3
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
removeNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: cross site scripting attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340102ο
Alert message: Atomicorp.com WAF Rules: cross site scripting attempt
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 4
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
cssDecode
htmlEntityDecode
jsDecode
lowercase
removeNulls
removeComments
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: cross site scripting attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340106ο
Alert message: Atomicorp.com WAF Rules: cross site scripting attempt STYLE + EXPRESSION
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 4
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
cssDecode
htmlEntityDecode
jsDecode
lowercase
removeNulls
removeComments
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: cross site scripting attempt STYLE + EXPRESSION
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340109ο
Alert message: Atomicorp.com WAF Rules: cross site scripting attempt using XML
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
cssDecode
htmlEntityDecode
jsDecode
lowercase
removeNulls
removeComments
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: cross site scripting attempt using XML
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340110ο
Alert message: Atomicorp.com WAF Rules: cross site scripting attempt executing hidden Javascript
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
cssDecode
htmlEntityDecode
jsDecode
lowercase
removeNulls
removeComments
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: cross site scripting attempt executing hidden Javascript
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340112ο
Alert message: Atomicorp.com WAF Rules: cross site scripting attempt to execute Javascript code
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 3
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
cssDecode
htmlEntityDecode
jsDecode
lowercase
removeNulls
removeComments
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
This rule detects when a client is attempting to inject javascript via either an untrusted argument, untrusted application or both. This may be a cross site scripting attack.
Troubleshooting:
False Positives:
If you believe this is a false positive, please report this to our security team to determine if this is a legitimate case, or if its clever attack on your system. Do not disable this rule.
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340003ο
Alert message: Atomicorp.com WAF Rules: XSS attack in request headers
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 10
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
cssDecode
htmlEntityDecode
jsDecode
lowercase
removeNulls
removeComments
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Cross Site Scripting attack detected in the request headers.
Troubleshooting:
False Positives:
There are no known False Positives for this.
If you believe this is a false positive, it is recommended that you report this to our security team can determine if this is a legitimate case, or if its clever attack on your system. Instructions to report false positives are detailed on the Reporting False Positives wiki page.
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
Outside References:
http://en.wikipedia.org/wiki/Cross-site_scripting
http://www.owasp.org/index.php/Cross-site_Scripting_%28XSS%29
WAF Rule ID 340211ο
Alert message: Atomicorp.com WAF Rules: cross site scripting stealth attempt to access shell
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
cssDecode
htmlEntityDecode
jsDecode
lowercase
normalisePath
removeNulls
removeComments
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: cross site scripting stealth attempt to access shell
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 341211ο
Alert message: Atomicorp.com WAF Rules: potentially untrusted encoded javascript detected
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 3
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
cssDecode
htmlEntityDecode
jsDecode
lowercase
removeNulls
removeComments
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: potentially untrusted encoded javascript detected
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 341217ο
Alert message: Atomicorp.com WAF Rules: potentially untrusted encoded javascript detected
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 3
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
cssDecode
htmlEntityDecode
jsDecode
lowercase
removeNulls
removeComments
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: potentially untrusted encoded javascript detected
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340210ο
Alert message: Atomicorp.com WAF Rules: cross site scripting stealth attempt to access shell
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
htmlEntityDecode
lowercase
normalisePath
removeNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: cross site scripting stealth attempt to access shell
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340113ο
Alert message: Atomicorp.com WAF Rules: Potential attempt to inject javascript
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 36
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
htmlEntityDecode
lowercase
normalisePath
removeNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Potential attempt to inject javascript
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 320474ο
Alert message: Atomicorp.com WAF Rules: Generic XSS filter
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 14
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Generic XSS filter
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340130ο
Alert message: Atomicorp.com WAF Rules: AngularJS client side template injection detected
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 2
Severity: Emergency (HIDS: 14)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: AngularJS client side template injection detected
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340147ο
Alert message: Atomicorp.com WAF Rules: Potential Cross Site Scripting Attack
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 162
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
cssDecode
htmlEntityDecode
jsDecode
lowercase
removeNulls
replaceComments
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
This rules detects when a potential cross site scripting attack may have occurred. For example, if javascript is included in a variable that appears to not be used for this purpose, or if web code is included in a portion of a request that is not known to be used for this purpose.
Troubleshooting:
False Positives:
This rule may produce a false positive if an application is used in a previously unknown or untested manner. The rules contain a large library of known trusted methods, however it is possible an application may be using a previously untested method. It is not recommended that you disable this rule if you have a false positive. If you believe this is a false positive, please report this to our security team to determine if this is a legitimate case, or if its clever attack on your system. Instructions to report false positives are detailed on the Reporting False Positives wiki page. If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
Outside References:
None.
WAF Rule ID 340149ο
Alert message: Atomicorp.com WAF Rules: Potential Cross Site Scripting Attack
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 162
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
cssDecode
htmlEntityDecode
jsDecode
lowercase
removeNulls
removeComments
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
This rules detects when a potential cross site scripting attack may have occurred. For example, if javascript is included in a variable that appears to not be used for this purpose, or if web code is included in a portion of a request that is not known to be used for this purpose. This rule looks for encoded methods.
Troubleshooting:
False Positives:
This rule may produce a false positive if an application is used in a previously unknown or untested manner. The rules contain a large library of known trusted methods, however it is possible an application may be using a previously untested method. It is not recommended that you disable this rule if you have a false positive.
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
Outside References:
None.
WAF Rule ID 342259ο
Alert message: Atomicorp.com WAF Rules: Possible HTML Injection
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 115
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
cssDecode
htmlEntityDecode
jsDecode
removeNulls
urlDecodeUni
Log Types:
Basic Information (log)
Description:
Atomicorp.com WAF Rules: Possible HTML Injection
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 350147ο
Alert message: Atomicorp.com WAF Rules: Potentially Untrusted Web Content Detected
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 161
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
htmlEntityDecode
lowercase
replaceComments
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
This rules detects when potentially untrusted web content is used in a client request. For example, if javascript is included in a variable that appears to not be used for this purpose, or if web code is included in a portion of a request that is not known to be used for this purpose.
Troubleshooting:
False Positives:
This rule may produce a false positive if an application is used in a previously unknown or untested manner. The rules contain a large library of known trusted methods, however it is possible an application may be using a previously untested method. It is not recommended that you disable this rule if you have a false positive.
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
Outside References:
None.
WAF Rule ID 340158ο
Alert message: Atomicorp.com WAF Rules: XSS in referrer
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 20
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
cssDecode
htmlEntityDecode
jsDecode
lowercase
removeNulls
removeComments
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: XSS in referrer
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 320476ο
Alert message: Atomicorp.com WAF Rules: Cross Site Scripting Attack
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 6
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Cross Site Scripting Attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 320475ο
Alert message: Atomicorp.com WAF Rules: Cross Site Scripting Attack
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 3
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
htmlEntityDecode
lowercase
replaceComments
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Cross Site Scripting Attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340148ο
Alert message: Atomicorp.com WAF Rules: Potential Cross Site Scripting Attack
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 162
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
cssDecode
htmlEntityDecode
jsDecode
lowercase
removeNulls
removeComments
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
This rules detects when a potential cross site scripting attack may have occurred. For example, if javascript is included in a variable that appears to not be used for this purpose, or if web code is included in a portion of a request that is not known to be used for this purpose. This rule looks for encoded methods.
Troubleshooting:
False Positives:
This rule may produce a false positive if an application is used in a previously unknown or untested manner. The rules contain a large library of known trusted methods, however it is possible an application may be using a previously untested method. It is not recommended that you disable this rule if you have a false positive. If you believe this is a false positive, please report this to our security team to determine if this is a legitimate case, or if its clever attack on your system.
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
Outside References:
None.
WAF Rule ID 350148ο
Alert message: Atomicorp.com WAF Rules: Potentially Untrusted Web Content Detected
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 167
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
This rules detects when potentially untrusted web content is used in a client request. For example, if javascript is included in a variable that appears to not be used for this purpose, or if web code is included in a portion of a request that is not known to be used for this purpose. This rule looks for various encoded methods.
Troubleshooting:
False Positives:
This rule may produce a false positive if an application is used in a previously unknown or untested manner. The rules contain a large library of known trusted methods, however it is possible an application may be using a previously untested method. It is not recommended that you disable this rule if you have a false positive.
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
Outside References:
None.
WAF Rule ID 380002ο
Alert message: Atomicorp.com WAF Rules: PHP session cookie attack
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: PHP session cookie attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 380006ο
Alert message: Atomicorp.com WAF Rules: XSS Generic attack
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 11
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: XSS Generic attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 380007ο
Alert message: Atomicorp.com WAF Rules: SQL Inject Generic signature
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 5
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: SQL Inject Generic signature
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 380016ο
Alert message: Atomicorp.com WAF Rules: SSI injection Attack
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 3
Severity: Emergency (HIDS: 14)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: SSI injection Attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340213ο
Alert message: Atomicorp.com WAF Rules: LDAP Injection Attack
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 8
Severity: Emergency (HIDS: 14)
HTTP Protocol Phase: 2
HTTP Status: 501
Action: deny
Transforms:
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: LDAP Injection Attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390597ο
Alert message: Atomicorp.com WAF Rules: Attack Blocked - Data Leakage - attempt to access backup system/application config file (disable this rule only if you want to allow anyone access to these backup files)
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
This rule detects attempts to access backup copies of configuration files. For example, config.backup, config.old, config.save.
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390581ο
Alert message: Atomicorp.com WAF Rules: Attack Blocked - Data Leakage - attempt to access backup file (disable this rule if you require access to files that end with a tilde)
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
This rule detects if a file is access that starts with a ~. For example, the file:
~file
Some applications on Linux use a ~ to make a file as temporary. Sensitive information is often stored in such temporary files.
Troubleshooting:
False Positives:
A false positive can occur when you need to access files with ~βs in the name.
This rule is not triggered when a a directory is accessed with a ~, such as ~user/.
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
If you know that this behavior is acceptable for your application, you can tune it by identifying the argument that is being triggered, and specifically allowing that argument for that application to allow a URL.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
Outside References:
None.
WAF Rule ID 390582ο
Alert message: Atomicorp.com WAF Rules: Attack Blocked - Data leakage - attempt to access backup file (disable this rule if you require access to files that nclude .bak)
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
This rule detects if a file that ends in the .bak extension.
Some applications use .bak to store temporary or backup files. Sensitive information is often stored in such temporary files.
Troubleshooting:
False Positives:
A false positive can occur when you need to access a file with .bak extension.
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
If you know that this behavior is acceptable for your application, you can tune it by identifying the argument that is being triggered, and specifically allowing that argument for that application to allow a URL.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
Outside References:
None.
WAF Rule ID 390583ο
Alert message: Atomicorp.com WAF Rules: Attack Blocked - Data leakage - attempt to access backup file (disable this rule if you require access to files that end with .old)
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
This rule detects if a file that ends in the .old extension.
Some applications use the .old extension to save files that store temporary or backup files. Sensitive information is often stored in such temporary files.
Troubleshooting:
False Positives:
A false positive can occur when you need to access a file with .old extension.
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
If you know that this behavior is acceptable for your application, you can tune it by identifying the argument that is being triggered, and specifically allowing that argument for that application to allow a URL.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
Outside References:
None.
WAF Rule ID 390784ο
Alert message: Atomicorp.com WAF Rules: Attack Blocked - Data leakage - attempt to access debug log file (disable this rule if you require access to files that end with debug.log)
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Attack Blocked - Data leakage - attempt to access debug log file (disable this rule if you require access to files that end with debug.log)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390786ο
Alert message: Atomicorp.com WAF Rules: Attack Blocked - Data leakage - attempt to access log file (disable this rule if you require access to files that end with .log)
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Attack Blocked - Data leakage - attempt to access log file (disable this rule if you require access to files that end with .log)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390584ο
Alert message: Atomicorp.com WAF Rules: Attack Blocked - Data leakage - attempt to access backup file (disable this rule if you require access to files that end with .orig)
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
This rule detects if a file that ends in the .orig extension.
Some applications use the .orig extension when creating files that store temporary or backup files. Sensitive information is often stored in such temporary files.
Troubleshooting:
False Positives:
A false positive can occur when you need to access a file with .orig extension.
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
If you know that this behavior is acceptable for your application, you can tune it by identifying the argument that is being triggered, and specifically allowing that argument for that application to allow a URL.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
Outside References:
None.
WAF Rule ID 390586ο
Alert message: Atomicorp.com WAF Rules: Attack Blocked - Data leakage - attempt to access backup file (disable this rule if you require access to files that end with .copy)
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
This rule detects if a file that ends in the .copy extension.
Some applications use the .copy extension when creating files that store temporary or backup files. Sensitive information is often stored in such temporary files.
Troubleshooting:
False Positives:
A false positive can occur when you need to access a file with .copy extension.
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
If you know that this behavior is acceptable for your application, you can tune it by identifying the argument that is being triggered, and specifically allowing that argument for that application to allow a URL.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
Outside References:
None.
WAF Rule ID 390587ο
Alert message: Atomicorp.com WAF Rules: Attack Blocked - Data leakage - attempt to access backup file (disable this rule if you require access to files that end with .sw)
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 5
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
This rule detects if a file that ends in the .swp extension, and other variants. Some applications use the .swp extension when creating files that store temporary or backup files. Sensitive information is often stored in such temporary files, such as database passwords and other sensitive information when developers work on web files, such as .php, .cgi, .asp and other languages where an attacker can not view the source of those files. Attackers regularly scan for these files to steal credentials that then use to break into systems. This is one of the easier methods for penetrating systems, which is why it so popular with attackers.
Troubleshooting:
False Positives:
A false positive can occur when you need to access a file with .swp extension.
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
If you know that this behavior is acceptable for your application, you can tune it by identifying the argument that is being triggered, and specifically allowing that argument for that application to allow a URL.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
Outside References:
None.
WAF Rule ID 390588ο
Alert message: Atomicorp.com WAF Rules: Attack Blocked - Data leakage - attempt to access backup file (disable this rule if you require access to files that end with .backup)
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Attack Blocked - Data leakage - attempt to access backup file (disable this rule if you require access to files that end with .backup)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390589ο
Alert message: Atomicorp.com WAF Rules: Attack Blocked - Data leakage - attempt to access backup file (disable this rule if you require access to files that end with .mdb)
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Attack Blocked - Data leakage - attempt to access backup file (disable this rule if you require access to files that end with .mdb)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 350589ο
Alert message: Atomicorp.com WAF Rules: Attack Blocked - Data leakage - attempt to access vi recovery file (disable this rule if you require access to files that end with .mdb)
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Attack Blocked - Data leakage - attempt to access vi recovery file (disable this rule if you require access to files that end with .mdb)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 350590ο
Alert message: Atomicorp.com WAF Rules: Attack Blocked - Data leakage - attempt to access raw SQL files (disable this rule if you require access to files that end with .sql)
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 3
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Attack Blocked - Data leakage - attempt to access raw SQL files (disable this rule if you require access to files that end with .sql)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 350591ο
Alert message: Atomicorp.com WAF Rules: Attack Blocked - Data leakage - attempt to access raw Private cryto keys
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Attack Blocked - Data leakage - attempt to access raw Private cryto keys
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 350592ο
Alert message: Atomicorp.com WAF Rules: Attack Blocked - Data leakage - attempt to access AWS credentials
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Attack Blocked - Data leakage - attempt to access AWS credentials
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 350593ο
Alert message: Atomicorp.com WAF Rules: Attack Blocked - Data leakage - attempt to access stored vscode passwords
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Attack Blocked - Data leakage - attempt to access stored vscode passwords
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 380013ο
Alert message: Atomicorp.com WAF Rules: ASL Configuration Leak Prevented
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Emergency (HIDS: 14)
HTTP Protocol Phase: 4
HTTP Status: 404
Action: deny
Transforms:
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: ASL Configuration Leak Prevented
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 360013ο
Alert message: Atomicorp.com WAF Rules: Horde system configuration Leak Prevented
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Emergency (HIDS: 14)
HTTP Protocol Phase: 4
HTTP Status: 404
Action: deny
Transforms:
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Horde system configuration Leak Prevented
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390585ο
Alert message: Atomicorp.com WAF Rules: Attack Blocked - XSS probe
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 4
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
cssDecode
htmlEntityDecode
jsDecode
lowercase
removeNulls
removeComments
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Attack Blocked - XSS probe
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 393585ο
Alert message: Atomicorp.com WAF Rules: XSS attack on ASL GUI
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 5
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: XSS attack on ASL GUI
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340463ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (modules.php)
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 9
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
compressWhitespace
hexDecode
htmlEntityDecode
lowercase
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (modules.php)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340462ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (modules.php)
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 9
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Inbound undefined compressed content (not be confused with compressed files or properly defined compressed content) is invisible to all Web Application Firewalls. Therefore they can not see or evaluate any traffic encoded in this manner. If an attack were to be encoded in this way the WAF would not catch it, therefore WAFs are configured to block this traffic.
This rule looks for this header:
Content-Encoding: Identity
If this header exists, the request is rejected because the WAF can not decode this kind of content. It is invisible to the WAF (because its compressed, but the method of compression is not defined, so the WAF has no idea how to uncompress it), and therefore an attack can simply bypass the WAF by compressing an attack.
Do not disable this rule.
Background
The use of this method is also consider invalid by the HTTP 1.1 RFC. This content-coding is used only in the Accept-Encoding header, and SHOULD NOT be used in the Content-Encoding header. This rule detects this RFC non-compliant compressed inbound content and blocks it correctly. The content is both invalid, and invisible to the WAF. The use of this method is extremely rare in practice, as properly designed client applications will not do this. If you have an application that performs in this manner the application is not in compliance with RFCs, is generating invalid encodings, is producing content the WAF will not be able to decompress (and which it will therefore block) and should be modified to be in compliance with the HTTP 1.1 RFC.
See the RFC in the references section below for technical details.
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340464ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (admin.php)
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 58
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
hexDecode
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (admin.php)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340465ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (admin.php)
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 58
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (admin.php)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340466ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (cpinquiry.php)
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
hexDecode
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (cpinquiry.php)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340467ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (cpinquiry.php)
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (cpinquiry.php)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340468ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (save-page.php)
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
hexDecode
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (save-page.php)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340469ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (save-page.php)
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (save-page.php)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340470ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (guestbook.pl)
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
hexDecode
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (guestbook.pl)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340471ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (guestbook.pl)
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (guestbook.pl)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340472ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/modules/wysiwyg/save.php)
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
hexDecode
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/modules/wysiwyg/save.php)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340473ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/modules/wysiwyg/save.php)
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/modules/wysiwyg/save.php)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 370144ο
Alert message: Atomicorp.com WAF Rules: Generic SQL injection protection 2
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceComments
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Generic SQL injection protection 2
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 370016ο
Alert message: Atomicorp.com WAF Rules: Generic SQL injection protection
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceComments
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Generic SQL injection protection
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340247ο
Alert message: Atomicorp.com WAF Rules: Potential Cross Site Scripting Attack
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Potential Cross Site Scripting Attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340248ο
Alert message: Atomicorp.com WAF Rules: Potential Cross Site Scripting Attack
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Potential Cross Site Scripting Attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340249ο
Alert message: Atomicorp.com WAF Rules: Potential Cross Site Scripting Attack
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 3
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
removeNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Potential Cross Site Scripting Attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340457ο
Alert message: Atomicorp.com WAF Rules: Generic SQL inline command protection (/admin/index.php exclude)
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
htmlEntityDecode
lowercase
replaceComments
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Generic SQL inline command protection (/admin/index.php exclude)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340476ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/admin/index.php exclude)
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 32
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/admin/index.php exclude)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340477ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/admin/index.php exclude)
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 30
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/admin/index.php exclude)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340478ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/forums/admincp/user.php)
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
hexDecode
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/forums/admincp/user.php)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340479ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/forums/admincp/user.php)
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/forums/admincp/user.php)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340482ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/forum/admincp/template.php)
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
hexDecode
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/forum/admincp/template.php)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340483ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/forum/admincp/template.php)
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/forum/admincp/template.php)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340484ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (contact.php)
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 8
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
hexDecode
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (contact.php)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340485ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (contact.php)
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 8
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (contact.php)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340486ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/admin/conf.php)
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
hexDecode
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/admin/conf.php)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340487ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/admin/conf.php)
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/admin/conf.php)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340488ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/admin/posted/edit_listing.php)
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
hexDecode
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/admin/posted/edit_listing.php)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340489ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/admin/posted/edit_listing.php)
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/admin/posted/edit_listing.php)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340490ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/forums/private.php)
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
hexDecode
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/forums/private.php)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340491ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/forums/private.php)
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/forums/private.php)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340492ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/forums/newreply.php)
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
hexDecode
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/forums/newreply.php)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340493ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/forums/newreply.php)
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/forums/newreply.php)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340444ο
Alert message: Atomicorp.com WAF Rules: Generic SQL injection protection (/forums/newreply.php)
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
htmlEntityDecode
lowercase
replaceComments
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Generic SQL injection protection (/forums/newreply.php)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340494ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/forums/newreply.php)
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
hexDecode
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/forums/newreply.php)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340495ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/forums/newreply.php)
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/forums/newreply.php)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340496ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/links.php)
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 4
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
hexDecode
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/links.php)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340497ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/links.php)
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 4
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/links.php)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340498ο
Alert message: Atomicorp.com WAF Rules: Generic SQL injection protection (/forums/newreply.php)
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 7
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
htmlEntityDecode
lowercase
replaceComments
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Generic SQL injection protection (/forums/newreply.php)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340499ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/wysiwyg-edit)
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
hexDecode
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/wysiwyg-edit)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340500ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/wysiwyg-edit)
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/wysiwyg-edit)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340503ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/cgi-bin/mt4/mt-comments.cgi)
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
hexDecode
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/cgi-bin/mt4/mt-comments.cgi)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340504ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/cgi-bin/mt4/mt-comments.cgi)
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/cgi-bin/mt4/mt-comments.cgi)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340505ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/ubbthreads/admin/dogen_display.php)
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
hexDecode
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/ubbthreads/admin/dogen_display.php)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340506ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/ubbthreads/admin/dogen_display.php)
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/ubbthreads/admin/dogen_display.php)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340509ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/modernbill5/app-modernbill-admin/clients.php)
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
hexDecode
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/modernbill5/app-modernbill-admin/clients.php)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340510ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/modernbill5/app-modernbill-admin/clients.php)
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/modernbill5/app-modernbill-admin/clients.php)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340511ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/cgi-bin/database/dbpro.cgi)
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
hexDecode
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/cgi-bin/database/dbpro.cgi)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340512ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/cgi-bin/database/dbpro.cgi)
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/cgi-bin/database/dbpro.cgi)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340515ο
Alert message: Atomicorp.com WAF Rules: Generic SQL injection protection (/admin/patch.php)
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Generic SQL injection protection (/admin/patch.php)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 344516ο
Alert message: Atomicorp.com WAF Rules: Generic SQL inline command protection (/admin/patch.php)
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 11
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
htmlEntityDecode
lowercase
replaceComments
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Generic SQL inline command protection (/admin/patch.php)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340517ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/images/logdnet.php)
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
hexDecode
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/images/logdnet.php)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340518ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/images/logdnet.php)
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/images/logdnet.php)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340519ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/contact_form.php)
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
hexDecode
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/contact_form.php)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340520ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/contact_form.php)
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/contact_form.php)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340521ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/forum/register.ph)
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
hexDecode
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/forum/register.ph)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340522ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/forum/register.ph)
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/forum/register.ph)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 360128ο
Alert message: Atomicorp.com WAF Rules: Remote PHP command exection
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 3
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote PHP command exection
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340523ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/manager/index.php)
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 5
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
hexDecode
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/manager/index.php)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340524ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/manager/index.php)
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 5
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/manager/index.php)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 350855ο
Alert message: Atomicorp.com WAF Rules: Include File Injection attempt in argument
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Include File Injection attempt in argument
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 350160ο
Alert message: Atomicorp.com WAF Rules: Generic SQL Injection protection
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
compressWhitespace
hexDecode
htmlEntityDecode
replaceComments
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Generic SQL Injection protection
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 350159ο
Alert message: Atomicorp.com WAF Rules: Generic SQL inline command protection (MM)
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 28
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
compressWhitespace
hexDecode
htmlEntityDecode
lowercase
replaceComments
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Generic SQL inline command protection (MM)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 350157ο
Alert message: Atomicorp.com WAF Rules: Generic SQL inline command protection
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 32
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
htmlEntityDecode
lowercase
replaceComments
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Generic SQL inline command protection
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340525ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/cgi-bin/class/class_add.pl)
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
hexDecode
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/cgi-bin/class/class_add.pl)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340526ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/cgi-bin/class/class_add.pl)
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/cgi-bin/class/class_add.pl)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340527ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/insert_image)
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/insert_image)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340528ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/insert_uimage)
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
hexDecode
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/insert_uimage)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340529ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS ( /administration/news.php)
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS ( /administration/news.php)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340530ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/administration/news.php)
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
hexDecode
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/administration/news.php)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340531ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/admin/editor.php)
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/admin/editor.php)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340532ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/admin/editor.php)
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
hexDecode
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/admin/editor.php)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340533ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/cgi-sys/FormMail.cgi)
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 4
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/cgi-sys/FormMail.cgi)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340544ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/cgi-sys/FormMail.cgi)
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 4
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
hexDecode
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/cgi-sys/FormMail.cgi)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340545ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/frame.aspx)
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/frame.aspx)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340546ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/frame.aspx)
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
hexDecode
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/frame.aspx)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340547ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/spaw/gethref.php)
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/spaw/gethref.php)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340548ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/spaw/gethref.php)
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
hexDecode
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/spaw/gethref.php)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340549ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/cgi-bin/mt/mt.fcgi)
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 3
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/cgi-bin/mt/mt.fcgi)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340550ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/cgi-bin/mt/mt.fcgi)
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 4
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
hexDecode
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/cgi-bin/mt/mt.fcgi)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340551ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/runmodule.php)
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/runmodule.php)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340552ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/runmodule.php)
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
hexDecode
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/runmodule.php)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340553ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/admin/frame.php)
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/admin/frame.php)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340554ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/admin/frame.php)
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
hexDecode
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/admin/frame.php)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340555ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/videos/install)
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/videos/install)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340556ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/videos/install)
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
hexDecode
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/videos/install)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340557ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/support/staff/index.php)
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/support/staff/index.php)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340558ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/support/staff/index.php)
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
hexDecode
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/support/staff/index.php)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340559ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/cgi-bin/procform.pl)
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/cgi-bin/procform.pl)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340560ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/cgi-bin/procform.pl)
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
hexDecode
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/cgi-bin/procform.pl)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340561ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/admin/editcontent.php)
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/admin/editcontent.php)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340562ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/admin/editcontent.php)
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
hexDecode
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/admin/editcontent.php)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340563ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/html2rss/rss.aspx)
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/html2rss/rss.aspx)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340564ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/html2rss/rss.aspx)
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
hexDecode
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/html2rss/rss.aspx)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340565ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS ( /winnder_step2.1.php)
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS ( /winnder_step2.1.php)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340566ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS ( /winnder_step2.1.php)
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
hexDecode
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS ( /winnder_step2.1.php)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340567ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/contact/website.php )
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/contact/website.php )
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340568ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/contact/website.php )
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
hexDecode
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/contact/website.php )
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340569ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/wbb/acp/template.php)
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/wbb/acp/template.php)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340570ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/wbb/acp/template.php)
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
hexDecode
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/wbb/acp/template.php)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 346144ο
Alert message: Atomicorp.com WAF Rules: Generic SQL injection protection (/sregister2-p.php)
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 12
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceComments
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Generic SQL injection protection (/sregister2-p.php)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 344156ο
Alert message: Atomicorp.com WAF Rules: Generic SQL injection protection (/posting.php)
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
htmlEntityDecode
lowercase
replaceComments
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Generic SQL injection protection (/posting.php)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340571ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/phpmysupport/trackerimage.php)
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/phpmysupport/trackerimage.php)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340572ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/phpmysupport/trackerimage.php)
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
hexDecode
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/phpmysupport/trackerimage.php)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340573ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/chat.php)
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/chat.php)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340574ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/chat.php)
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
hexDecode
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/chat.php)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340577ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/egroupware/etemplate/process_exec.php)
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 3
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/egroupware/etemplate/process_exec.php)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340578ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/egroupware/etemplate/process_exec.php)
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 3
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
hexDecode
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/egroupware/etemplate/process_exec.php)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340581ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/acollab/install/install.php)
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/acollab/install/install.php)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340582ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/acollab/install/install.php)
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
hexDecode
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/acollab/install/install.php)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340583ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/includes/popup.php)
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/includes/popup.php)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340584ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/includes/popup.php)
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
hexDecode
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/includes/popup.php)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340585ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/cgi-bin/cgiemail/testform.txt)
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/cgi-bin/cgiemail/testform.txt)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340586ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/cgi-bin/cgiemail/testform.txt)
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
hexDecode
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/cgi-bin/cgiemail/testform.txt)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340587ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/ubbthreads/admin/doeditboard.php)
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/ubbthreads/admin/doeditboard.php)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340588ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/ubbthreads/admin/doeditboard.php)
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
hexDecode
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/ubbthreads/admin/doeditboard.php)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340589ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/anyinventory/admin/item_processor.php)
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/anyinventory/admin/item_processor.php)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340590ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/anyinventory/admin/item_processor.php)
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
hexDecode
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/anyinventory/admin/item_processor.php)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340591ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/default/browser.html)
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/default/browser.html)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340592ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/default/browser.html)
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
hexDecode
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/default/browser.html)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 341592ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340593ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
hexDecode
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340596ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340597ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
hexDecode
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340598ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/cgi-sys/FormMail.cgi)
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 4
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/cgi-sys/FormMail.cgi)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340599ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/cgi-sys/FormMail.cgi)
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 4
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
hexDecode
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (/cgi-sys/FormMail.cgi)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340600ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340601ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
hexDecode
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340602ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340603ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
hexDecode
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340604ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340605ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
hexDecode
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340607ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340608ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
hexDecode
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340609ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340610ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
hexDecode
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340611ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340612ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
hexDecode
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340613ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
This rule checks for the NULL character in any URI, Filename, Header name or Header, except for Cookies and special known cases. NULLs can be used to bypass certain security checks and are often used as part of evasion attacks on web application firewalls.
Troubleshooting:
False Positives:
This can be triggered if an application legitimately uses a NULL as a value for a Header. This has only been seen used for some Cookies, and should never be seen for URLs, File Names or Header Names.
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
Outside References:
None.
WAF Rule ID 340614ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
hexDecode
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
This rule checks for the NULL character in any Argument or Argument name, except in special cases where it is known that this will occur safely. NULLs can be used to bypass certain security checks and are often used as part of evasion attacks on web application firewalls.
Troubleshooting:
False Positives:
This can be triggered if an application legitimately uses a NULL in an Argument.
This can be triggered if an application use a NULL as part of an argument name. It is not expected that any application would use a NULL legitimately in an Argument Name.
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
Outside References:
None.
WAF Rule ID 340615ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
This rule checks for attacks that attempt to encode themselves in invalid ways.
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340616ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
hexDecode
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
A valid POST request should have a Content-Length header. POSTS that do not include this can be indicative of an attack.
Troubleshooting:
False Positives:
This can be triggered if an application is poorly written and does not include this header. If you must disable this rule, you should disable it only for that specific application and only from trusted IP addresses. The best option is to fix the application so that it includes this Header.
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340617ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
GET and HEAD requests can not have bodies. This rule detects an attempt to include a body with these methods and can be part of attempt to attack your system by hiding or smuggling content in a non-standard method.
Troubleshooting:
False Positives:
There are no known False Positives for this. This method is also invalid HTTP and should not be allowed.
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340618ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
hexDecode
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
A valid Content-Length header must contain a numeric valid. If this rule was triggered it means a non-numeric and therefore invalid value was found. This can be indicative of an attack.
Troubleshooting:
False Positives:
There are no known False Positives for this. Any request that includes a non-numeric valid in this field would never work correctly.
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340619ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
This attack combines transfer encoding and content length attacks. There is no legitimate traffic that uses this method, this is an attack.
Troubleshooting:
False Positives:
There are no known False Positives for this.
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340620ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
hexDecode
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Your system is using UTF8 encoding an invalid data base been recieved that claims to be using the uft-8 character set. This can be indicative of an attack that is attempting to encode itself as UTF-8 hoping to evade the web application firewall or some other system.
Troubleshooting:
False Positives:
There are no known False Positives for this.
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340621ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340622ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
hexDecode
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340623ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 3
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340624ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 3
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
hexDecode
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340625ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340626ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
hexDecode
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340627ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340628ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
hexDecode
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340629ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340630ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
hexDecode
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340631ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 5
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340632ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 5
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
hexDecode
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340633ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 4
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340634ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 4
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
hexDecode
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340635ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340636ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
hexDecode
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340637ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340638ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
hexDecode
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340639ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340640ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
hexDecode
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340641ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340642ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
hexDecode
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340643ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340644ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
hexDecode
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340645ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340646ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
hexDecode
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340647ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340648ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
hexDecode
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340649ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340650ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
hexDecode
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
This rule detects an attack on modsecurity itself. Versions of modsecurity up to 2.5.9 could be bypassed via this attack. This rule detects and prevents those attacks from working.
Troubleshooting:
False Positives:
There are no known False Positives for this.
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340651ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340652ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
hexDecode
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340653ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340654ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
hexDecode
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340655ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340656ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
hexDecode
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340657ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340658ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
hexDecode
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340659ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340660ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
hexDecode
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340661ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340662ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
hexDecode
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 341661ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 341662ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
hexDecode
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340663ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340664ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
hexDecode
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340665ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340666ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
hexDecode
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340667ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340668ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
hexDecode
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340669ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340670ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
hexDecode
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340672ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340673ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
hexDecode
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 341672ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 341673ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
hexDecode
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340674ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 3
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340675ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 3
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
hexDecode
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340676ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340677ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
hexDecode
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340678ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 5
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340679ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 5
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
hexDecode
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340680ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 3
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340681ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 3
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
hexDecode
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340682ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340683ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
hexDecode
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340684ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 9
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340685ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 9
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
hexDecode
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340686ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 4
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340687ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 4
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
hexDecode
htmlEntityDecode
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340690ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 3
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340691ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 3
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
hexDecode
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340692ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 3
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340693ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 3
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
hexDecode
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340694ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 5
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340695ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 5
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
hexDecode
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340696ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 3
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340697ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 3
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
hexDecode
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340698ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 3
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340699ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 3
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
hexDecode
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340700ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 4
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340701ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 4
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
hexDecode
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340702ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340703ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
hexDecode
htmlEntityDecode
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340704ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340705ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
hexDecode
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 344729ο
Alert message: Atomicorp.com WAF Rules: Potentially malicious code injection via WP plugin-editor
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
hexDecode
htmlEntityDecode
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Potentially malicious code injection via WP plugin-editor
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 344730ο
Alert message: Atomicorp.com WAF Rules: Potentially malicious code injection via WP plugin-editor
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
htmlEntityDecode
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Potentially malicious code injection via WP plugin-editor
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 344731ο
Alert message: Atomicorp.com WAF Rules: Potentially malicious code injection via WP plugin-editor
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
compressWhitespace
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Potentially malicious code injection via WP plugin-editor
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340706ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340707ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
hexDecode
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340708ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340709ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
hexDecode
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340710ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340711ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
hexDecode
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340712ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340713ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
hexDecode
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340714ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340715ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
hexDecode
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 320465ο
Alert message: Atomicorp.com WAF Rules: Attempt to Access protect file Remotely
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Emergency (HIDS: 14)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
htmlEntityDecode
lowercase
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Attempt to Access protect file Remotely
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 320466ο
Alert message: Atomicorp.com WAF Rules: Attempt to Access protect file Remotely
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Emergency (HIDS: 14)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Attempt to Access protect file Remotely
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 320464ο
Alert message: Atomicorp.com WAF Rules: Protected Path Access denied in URI/ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
normalisePath
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Protected Path Access denied in URI/ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340716ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 8
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
normalisePath
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340717ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 8
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
hexDecode
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 360030ο
Alert message: Atomicorp.com WAF Rules: Cross Site Scripting Attack
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
htmlEntityDecode
lowercase
replaceComments
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Cross Site Scripting Attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340718ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
normalisePath
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340719ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
hexDecode
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340720ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 3
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
normalisePath
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340721ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 3
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
hexDecode
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340722ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
normalisePath
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340723ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
hexDecode
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340724ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
normalisePath
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340725ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
hexDecode
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340726ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 3
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340727ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 3
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
hexDecode
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 375726ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 3
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 375737ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 3
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
hexDecode
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 376726ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 3
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 375727ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 3
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
hexDecode
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340730ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
normalisePath
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340731ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
hexDecode
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340732ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
normalisePath
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340733ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
hexDecode
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340734ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
normalisePath
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340735ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
hexDecode
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340736ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
normalisePath
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340737ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
hexDecode
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340738ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
normalisePath
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340739ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
hexDecode
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340740ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 3
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
normalisePath
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340741ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 3
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
hexDecode
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340742ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 4
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
normalisePath
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340743ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 4
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
hexDecode
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 341744ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 4
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
normalisePath
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 341745ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 4
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
hexDecode
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340746ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
normalisePath
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340747ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
hexDecode
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 360029ο
Alert message: Atomicorp.com WAF Rules: Attack Blocked - command in REQUEST_URI or Argument
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 36
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
cmdLine
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Attack Blocked - command in REQUEST_URI or Argument
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 347006ο
Alert message: Atomicorp.com WAF Rules: Generic Path Recursion denied in URI/ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 69
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
cmdLine
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Generic Path Recursion denied in URI/ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340748ο
Alert message: Atomicorp.com WAF Rules: Generic Path Recursion denied
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 4
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Generic Path Recursion denied
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 342128ο
Alert message: Atomicorp.com WAF Rules: Remote PHP command exection
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 21
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote PHP command exection
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 336142ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (MM)
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 13
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (MM)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 336141ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (AE)
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 13
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (AE)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 387123ο
Alert message: Atomicorp.com WAF Rules: Generic php body attack attempt
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 5
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Generic php body attack attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 350096ο
Alert message: Atomicorp.com WAF Rules: Generic SQL injection protection
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 5
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceComments
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Generic SQL injection protection
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 350097ο
Alert message: Atomicorp.com WAF Rules: Generic SQL injection protection in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 47
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
replaceComments
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Generic SQL injection protection in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 350095ο
Alert message: Atomicorp.com WAF Rules: Attack Blocked - PHP attack in Argument
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 12
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Attack Blocked - PHP attack in Argument
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310716ο
Alert message: Atomicorp.com WAF Rules: Cross Site Scripting Attack
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 34
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
removeNulls
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Cross Site Scripting Attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310717ο
Alert message: Atomicorp.com WAF Rules: Cross Site Scripting Attack
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 215
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
removeNulls
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Cross Site Scripting Attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310718ο
Alert message: Atomicorp.com WAF Rules: Generic XSS filter
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 41
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Generic XSS filter
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 343329ο
Alert message: Atomicorp.com WAF Rules: Attack Blocked - command in REQUEST_URI or Argument
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Attack Blocked - command in REQUEST_URI or Argument
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 310618ο
Alert message: Atomicorp.com WAF Rules: Generic XSS filter
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 92
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
htmlEntityDecode
lowercase
removeNulls
replaceComments
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Generic XSS filter
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 341544ο
Alert message: Atomicorp.com WAF Rules: Generic SQL injection protection (/administrator/index2.php)
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 3
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Generic SQL injection protection (/administrator/index2.php)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 341545ο
Alert message: Atomicorp.com WAF Rules: Generic SQL injection protection (/administrator/index2.php)
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Generic SQL injection protection (/administrator/index2.php)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340789ο
Alert message: Atomicorp.com WAF Rules: Generic Path Recursion denied
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 3
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Generic Path Recursion denied
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 341808ο
Alert message: Atomicorp.com WAF Rules: Generic SQL inline command protection (MM)
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
compressWhitespace
hexDecode
htmlEntityDecode
lowercase
replaceComments
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Generic SQL inline command protection (MM)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340794ο
Alert message: Atomicorp.com WAF Rules: Generic Path Recursion denied
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Generic Path Recursion denied
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340796ο
Alert message: Atomicorp.com WAF Rules: Generic Path Recursion denied
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 14
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Generic Path Recursion denied
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340744ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
normalisePath
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340750ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
hexDecode
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 341746ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
normalisePath
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340752ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
hexDecode
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 350746ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 5
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
normalisePath
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 350756ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 5
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
hexDecode
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 343745ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 6
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
normalisePath
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340758ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 6
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
hexDecode
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340745ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 6
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
normalisePath
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340760ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 6
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
hexDecode
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340761ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 4
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
normalisePath
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340762ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 4
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
hexDecode
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340763ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 5
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
normalisePath
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340764ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 5
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
hexDecode
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340765ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 4
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
normalisePath
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340766ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 4
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
hexDecode
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340767ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 4
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
normalisePath
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340768ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 4
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
hexDecode
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340769ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 4
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
normalisePath
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340770ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 4
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
hexDecode
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340771ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
normalisePath
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340772ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
hexDecode
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340775ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
normalisePath
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340776ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
hexDecode
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 341776ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
normalisePath
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 341778ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
hexDecode
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340671ο
Alert message: Atomicorp.com WAF Rules: Generic Path Recursion denied in URI/ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 19
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
normalisePath
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Generic Path Recursion denied in URI/ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390725ο
Alert message: Atomicorp.com WAF Rules: PHP Injection Attack
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 4
Severity: Emergency (HIDS: 14)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
htmlEntityDecode
lowercase
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: PHP Injection Attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340777ο
Alert message: Atomicorp.com WAF Rules: Generic SQL injection protection
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Generic SQL injection protection
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 345729ο
Alert message: Atomicorp.com WAF Rules: Potentially malicious code injection via WP theme-editor
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
hexDecode
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Potentially malicious code injection via WP theme-editor
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 345730ο
Alert message: Atomicorp.com WAF Rules: Potentially malicious code injection via WP theme-editor
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Potentially malicious code injection via WP theme-editor
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 345731ο
Alert message: Atomicorp.com WAF Rules: Potentially malicious code injection via WP theme-editor
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
compressWhitespace
lowercase
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Potentially malicious code injection via WP theme-editor
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340779ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
normalisePath
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340780ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
hexDecode
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340781ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
normalisePath
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340782ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
hexDecode
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340785ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
normalisePath
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340786ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
hexDecode
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340787ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
normalisePath
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340788ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
hexDecode
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340790ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
normalisePath
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340791ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
hexDecode
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340792ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
normalisePath
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340793ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
hexDecode
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340795ο
Alert message: Atomicorp.com WAF Rules: Generic SQL injection protection 2
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Generic SQL injection protection 2
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340797ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
normalisePath
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340798ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
hexDecode
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340799ο
Alert message: Atomicorp.com WAF Rules: Generic SQL injection protection 2
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Generic SQL injection protection 2
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340800ο
Alert message: Atomicorp.com WAF Rules: SQL Inject Generic signature
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: SQL Inject Generic signature
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340801ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
normalisePath
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340802ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
hexDecode
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340803ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
normalisePath
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340804ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
hexDecode
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340805ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
normalisePath
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340806ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
hexDecode
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340807ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
normalisePath
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340808ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
hexDecode
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340810ο
Alert message: Atomicorp.com WAF Rules: Generic Path Recursion denied
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Generic Path Recursion denied
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340811ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
normalisePath
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340812ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
hexDecode
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340813ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 3
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
normalisePath
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340814ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 3
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
hexDecode
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340815ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
normalisePath
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340816ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
hexDecode
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340817ο
Alert message: Atomicorp.com WAF Rules: Cross Site Scripting Attack
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
htmlEntityDecode
lowercase
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Cross Site Scripting Attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340818ο
Alert message: Atomicorp.com WAF Rules: Generic XSS filter
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 12
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
htmlEntityDecode
lowercase
removeNulls
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Generic XSS filter
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340819ο
Alert message: Atomicorp.com WAF Rules: Cross Site Scripting Attack
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 22
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
htmlEntityDecode
lowercase
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Cross Site Scripting Attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340820ο
Alert message: Atomicorp.com WAF Rules: Cross Site Scripting Attack
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 18
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
htmlEntityDecode
lowercase
removeNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Cross Site Scripting Attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340821ο
Alert message: Atomicorp.com WAF Rules: Generic XSS filter
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
htmlEntityDecode
lowercase
removeNulls
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Generic XSS filter
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340822ο
Alert message: Atomicorp.com WAF Rules: Cross Site Scripting Attack
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
htmlEntityDecode
lowercase
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Cross Site Scripting Attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340823ο
Alert message: Atomicorp.com WAF Rules: Cross Site Scripting Attack
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
htmlEntityDecode
lowercase
removeNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Cross Site Scripting Attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 360678ο
Alert message: Atomicorp.com WAF Rules: Generic XSS filter
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
htmlEntityDecode
lowercase
removeNulls
replaceComments
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Generic XSS filter
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 360679ο
Alert message: Atomicorp.com WAF Rules: Cross Site Scripting Attack
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
htmlEntityDecode
lowercase
replaceComments
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Cross Site Scripting Attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 341149ο
Alert message: Atomicorp.com WAF Rules: Cross Site Scripting Attack
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 112
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
htmlEntityDecode
lowercase
removeNulls
replaceComments
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Cross Site Scripting Attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 341823ο
Alert message: Atomicorp.com WAF Rules: Generic XSS filter
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
htmlEntityDecode
lowercase
removeNulls
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Generic XSS filter
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340824ο
Alert message: Atomicorp.com WAF Rules: Cross Site Scripting Attack
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 33
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
htmlEntityDecode
lowercase
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Cross Site Scripting Attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340825ο
Alert message: Atomicorp.com WAF Rules: Generic SQL injection protection 2
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceComments
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Generic SQL injection protection 2
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340852ο
Alert message: Atomicorp.com WAF Rules: Generic SQL injection protection 2
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceComments
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Generic SQL injection protection 2
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340826ο
Alert message: Atomicorp.com WAF Rules: Generic SQL injection protection in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Generic SQL injection protection in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340827ο
Alert message: Atomicorp.com WAF Rules: Generic XSS filter
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
htmlEntityDecode
lowercase
removeNulls
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Generic XSS filter
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340828ο
Alert message: Atomicorp.com WAF Rules: Generic XSS filter
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
htmlEntityDecode
lowercase
removeNulls
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Generic XSS filter
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340829ο
Alert message: Atomicorp.com WAF Rules: Generic XSS filter
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
htmlEntityDecode
lowercase
replaceNulls
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Generic XSS filter
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340830ο
Alert message: Atomicorp.com WAF Rules: Generic XSS filter
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
htmlEntityDecode
lowercase
replaceNulls
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Generic XSS filter
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340831ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
normalisePath
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340832ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
hexDecode
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 347714ο
Alert message: Atomicorp.com WAF Rules: CMD injection
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 18
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
cmdLine
normalisePath
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: CMD injection
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 345195ο
Alert message: Atomicorp.com WAF Rules: Attack Blocked - Base64 Encoded PHP function in Argument - this may be an attack.
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
compressWhitespace
lowercase
replaceNulls
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Attack Blocked - Base64 Encoded PHP function in Argument - this may be an attack.
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340833ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
normalisePath
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340834ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
hexDecode
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340835ο
Alert message: Atomicorp.com WAF Rules: Generic XSS filter
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
htmlEntityDecode
lowercase
replaceNulls
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Generic XSS filter
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340836ο
Alert message: Atomicorp.com WAF Rules: Cross Site Scripting Attack
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
htmlEntityDecode
lowercase
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Cross Site Scripting Attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340837ο
Alert message: Atomicorp.com WAF Rules: Cross Site Scripting Attack
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
htmlEntityDecode
lowercase
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Cross Site Scripting Attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340840ο
Alert message: Atomicorp.com WAF Rules: Generic XSS filter
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
htmlEntityDecode
lowercase
replaceNulls
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Generic XSS filter
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340841ο
Alert message: Atomicorp.com WAF Rules: Cross Site Scripting Attack
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
htmlEntityDecode
lowercase
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Cross Site Scripting Attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340842ο
Alert message: Atomicorp.com WAF Rules: Cross Site Scripting Attack
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
htmlEntityDecode
lowercase
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Cross Site Scripting Attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340843ο
Alert message: Atomicorp.com WAF Rules: Generic SQL injection protection 2
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Generic SQL injection protection 2
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340844ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (AE)
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
normalisePath
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (AE)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340845ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (MM)
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
normalisePath
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (MM)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340846ο
Alert message: Atomicorp.com WAF Rules: Generic XSS filter
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
htmlEntityDecode
lowercase
replaceNulls
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Generic XSS filter
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340847ο
Alert message: Atomicorp.com WAF Rules: Cross Site Scripting Attack
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
htmlEntityDecode
lowercase
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Cross Site Scripting Attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340848ο
Alert message: Atomicorp.com WAF Rules: Cross Site Scripting Attack
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
htmlEntityDecode
lowercase
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Cross Site Scripting Attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340849ο
Alert message: Atomicorp.com WAF Rules: Generic SQL injection protection
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceComments
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Generic SQL injection protection
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340850ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
normalisePath
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340851ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
hexDecode
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340860ο
Alert message: Atomicorp.com WAF Rules: Protected Path Access denied in URI/ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
normalisePath
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Protected Path Access denied in URI/ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340870ο
Alert message: Atomicorp.com WAF Rules: Generic XSS filter
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
htmlEntityDecode
lowercase
replaceNulls
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Generic XSS filter
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340871ο
Alert message: Atomicorp.com WAF Rules: Cross Site Scripting Attack
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
htmlEntityDecode
lowercase
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Cross Site Scripting Attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340872ο
Alert message: Atomicorp.com WAF Rules: Cross Site Scripting Attack
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
htmlEntityDecode
lowercase
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Cross Site Scripting Attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340873ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (AE)
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 3
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (AE)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340874ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (MM)
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 3
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
hexDecode
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (MM)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 320463ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (modules.php)
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 9
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
hexDecode
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (modules.php)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 320462ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (modules.php)
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 9
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
normalisePath
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (modules.php)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 321463ο
Alert message: Atomicorp.com WAF Rules: Protected Path Access denied in URI/ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
normalisePath
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Protected Path Access denied in URI/ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 321464ο
Alert message: Atomicorp.com WAF Rules: Generic Path Recursion denied
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Generic Path Recursion denied
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 320468ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (modules.php)
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
hexDecode
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (modules.php)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 320469ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (modules.php)
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
normalisePath
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (modules.php)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 320470ο
Alert message: Atomicorp.com WAF Rules: Generic XSS filter
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
htmlEntityDecode
lowercase
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Generic XSS filter
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 320472ο
Alert message: Atomicorp.com WAF Rules: Cross Site Scripting Attack
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
htmlEntityDecode
lowercase
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Cross Site Scripting Attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 320471ο
Alert message: Atomicorp.com WAF Rules: Cross Site Scripting Attack
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
htmlEntityDecode
lowercase
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Cross Site Scripting Attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 320572ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (AE)
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 179
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
normalisePath
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (AE)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 320473ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (MM)
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 179
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
normalisePath
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (MM)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 321486ο
Alert message: Atomicorp.com WAF Rules: Protected Path Access denied in URI/ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
normalisePath
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Protected Path Access denied in URI/ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 320486ο
Alert message: Atomicorp.com WAF Rules: Generic Path Recursion denied
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Generic Path Recursion denied
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 359008ο
Alert message: Atomicorp.com WAF Rules: Suspicious deep path recursion denied
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
normalisePath
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Suspicious deep path recursion denied
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 320487ο
Alert message: Atomicorp.com WAF Rules: Generic Path Recursion denied
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Generic Path Recursion denied
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 359208ο
Alert message: Atomicorp.com WAF Rules: Suspicious deep path recursion denied
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
normalisePath
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Suspicious deep path recursion denied
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390726ο
Alert message: Atomicorp.com WAF Rules: PHP Injection Attack
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 4
Severity: Emergency (HIDS: 14)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
htmlEntityDecode
lowercase
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: PHP Injection Attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390727ο
Alert message: Atomicorp.com WAF Rules: cross site scripting stealth attempt to inject javascript
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 4
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
htmlEntityDecode
normalisePath
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: cross site scripting stealth attempt to inject javascript
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390728ο
Alert message: Atomicorp.com WAF Rules: Protected Path Access denied in URI/ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
normalisePath
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Protected Path Access denied in URI/ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390729ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (AE)
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
normalisePath
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (AE)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390730ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (MM)
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
hexDecode
htmlEntityDecode
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (MM)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390731ο
Alert message: Atomicorp.com WAF Rules: Generic Path Recursion denied
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Generic Path Recursion denied
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 370147ο
Alert message: Atomicorp.com WAF Rules: Generic XSS filter
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 87
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
htmlEntityDecode
lowercase
replaceComments
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Generic XSS filter
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 370148ο
Alert message: Atomicorp.com WAF Rules: Cross Site Scripting Attack
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 95
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
htmlEntityDecode
lowercase
replaceComments
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Cross Site Scripting Attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 370149ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (AE)
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
normalisePath
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (AE)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 370150ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (MM)
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
normalisePath
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (MM)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 370151ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (AE)
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
normalisePath
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (AE)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 370152ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (MM)
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
normalisePath
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (MM)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 370153ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (AE)
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
normalisePath
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (AE)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 370154ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (MM)
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
normalisePath
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (MM)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 370155ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (AE)
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
normalisePath
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (AE)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 370156ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (MM)
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
normalisePath
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (MM)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 370157ο
Alert message: Atomicorp.com WAF Rules: Potentially malicious PHP code injection attempt
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Emergency (HIDS: 14)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
htmlEntityDecode
lowercase
replaceComments
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Potentially malicious PHP code injection attempt
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 360663ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
normalisePath
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 360664ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
hexDecode
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 360665ο
Alert message: Atomicorp.com WAF Rules: Generic SQL inline command protection (MM)
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 28
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
compressWhitespace
hexDecode
htmlEntityDecode
lowercase
replaceComments
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Generic SQL inline command protection (MM)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 360666ο
Alert message: Atomicorp.com WAF Rules: PHP attack in Argument
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: PHP attack in Argument
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 360667ο
Alert message: Atomicorp.com WAF Rules: PHP attack in Argument
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: PHP attack in Argument
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 360668ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
normalisePath
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 360669ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
hexDecode
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 360670ο
Alert message: Atomicorp.com WAF Rules: Attempt to Access protect file Remotely
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 14
Severity: Emergency (HIDS: 14)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
htmlEntityDecode
lowercase
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Attempt to Access protect file Remotely
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 360671ο
Alert message: Atomicorp.com WAF Rules: Attempt to Access protect file Remotely
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 6
Severity: Emergency (HIDS: 14)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Attempt to Access protect file Remotely
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 360672ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (AE)
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (AE)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 360673ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (MM)
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
hexDecode
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (MM)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 360674ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (AE)
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (AE)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 360675ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (MM)
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
hexDecode
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (MM)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 360676ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (AE)
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (AE)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 360677ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (MM)
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
hexDecode
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (MM)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 330162ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (AE)
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
normalisePath
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (AE)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 330163ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (MM)
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
hexDecode
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (MM)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 350474ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (mt.cgi)
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
hexDecode
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (mt.cgi)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 350475ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (mt.cgi)
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
normalisePath
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (mt.cgi)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 350247ο
Alert message: Atomicorp.com WAF Rules: Potential Cross Site Scripting Attack
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Potential Cross Site Scripting Attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 350248ο
Alert message: Atomicorp.com WAF Rules: Potential Cross Site Scripting Attack
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 129
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Potential Cross Site Scripting Attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 361248ο
Alert message: Atomicorp.com WAF Rules: Potential Cross Site Scripting Attack
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Potential Cross Site Scripting Attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 350249ο
Alert message: Atomicorp.com WAF Rules: Potential Cross Site Scripting Attack
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 129
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Potential Cross Site Scripting Attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 330475ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (mt.cgi)
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
hexDecode
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (mt.cgi)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 330476ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (mt.cgi)
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
normalisePath
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (mt.cgi)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 330477ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (AE)
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
normalisePath
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (AE)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 330478ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (MM)
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
hexDecode
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (MM)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 361128ο
Alert message: Atomicorp.com WAF Rules: Remote PHP command exection
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 14
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote PHP command exection
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 361129ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (AE)
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
normalisePath
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (AE)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 361130ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (MM)
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
hexDecode
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (MM)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 361131ο
Alert message: Atomicorp.com WAF Rules: Attack Blocked - PHP function in Argument - this may be an attack.
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Attack Blocked - PHP function in Argument - this may be an attack.
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 362129ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (AE)
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
normalisePath
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (AE)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 362130ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (MM)
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
hexDecode
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (MM)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 362131ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (AE)
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
normalisePath
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (AE)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 362132ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (MM)
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
hexDecode
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (MM)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 344195ο
Alert message: Atomicorp.com WAF Rules: Attack Blocked - PHP function in Argument - this may be an attack.
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 33
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Attack Blocked - PHP function in Argument - this may be an attack.
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 344196ο
Alert message: Atomicorp.com WAF Rules: Attack Blocked - PHP function in Argument - this may be an attack.
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Attack Blocked - PHP function in Argument - this may be an attack.
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 344296ο
Alert message: Atomicorp.com WAF Rules: Attack Blocked - PHP function in Argument - this may be an attack.
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Attack Blocked - PHP function in Argument - this may be an attack.
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 336633ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (AE)
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
normalisePath
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (AE)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 336634ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (MM)
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
hexDecode
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (MM)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 378451ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (MM)
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
hexDecode
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (MM)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 343307ο
Alert message: Atomicorp.com WAF Rules: Generic Path Recursion denied
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 39
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
lowercase
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Generic Path Recursion denied
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 336133ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (AE)
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
normalisePath
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (AE)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 336134ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (MM)
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
hexDecode
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (MM)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 380572ο
Alert message: Atomicorp.com WAF Rules: Attack Blocked - SQL injection probe
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Attack Blocked - SQL injection probe
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 336135ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (AE)
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
normalisePath
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (AE)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 336136ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (MM)
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
hexDecode
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (MM)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 336137ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (AE)
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
normalisePath
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (AE)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 336138ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (MM)
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
hexDecode
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (MM)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 336139ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (AE)
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
normalisePath
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (AE)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 336140ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (MM)
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
hexDecode
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (MM)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 336240ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (AE)
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
normalisePath
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (AE)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 336241ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (MM)
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
hexDecode
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (MM)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 336242ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (AE)
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
normalisePath
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (AE)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 336243ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (MM)
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
hexDecode
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (MM)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 336244ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (AE)
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
normalisePath
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (AE)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 336245ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (MM)
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
hexDecode
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (MM)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 320162ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (AE)
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 287
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (AE)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 320163ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (MM)
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 287
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
hexDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (MM)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 320164ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (AE)
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (AE)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 320165ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (MM)
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
hexDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS (MM)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 341726ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 3
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 341727ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 3
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
hexDecode
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 341737ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 341738ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
hexDecode
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 341739ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
lowercase
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 341740ο
Alert message: Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
hexDecode
htmlEntityDecode
lowercase
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Remote File Injection attempt in ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 344596ο
Alert message: Atomicorp.com WAF Rules: Generic Path Recursion denied in URI/ARGS
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
cmdLine
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Generic Path Recursion denied in URI/ARGS
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390147ο
Alert message: Atomicorp.com WAF Rules: Potential Cross Site Scripting Attack
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
cssDecode
htmlEntityDecode
jsDecode
lowercase
removeNulls
replaceComments
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Potential Cross Site Scripting Attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390148ο
Alert message: Atomicorp.com WAF Rules: Potential Cross Site Scripting Attack
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
cssDecode
htmlEntityDecode
jsDecode
lowercase
removeNulls
removeComments
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
This rule detects if a files name looks suspicious. This a very fast and simple way of looking for potentially malicious scripts and programs. Other rules will attempt to look at the content of a file to determine if its malicious, these rules exist in other rule families and are more CPU intensive, so not all users will be using this more complex rules. Furthermore, these more complex rules are always able to detect every possible piece of malicious software. The intent of this rule is to detect known or suspiscious file names (such as shell.php, or massspam.pl) for action.
Troubleshooting:
False Positives:
A false positive can occur when an application or file legitimately uses one of these file names. The rule, when triggered, will tell you what the filename is such as in the example below:
[msg βAtomicorp.com WAF Rules: Suspicious filename, possible unauthorized shell or other malicious script. Disable this rule if you know this file is not malicious.β] [data β/ssh2.jpgβ]
The highlighted area is the file name.
The rules contain a large library of known web applications and safe methods for using these file names, and can detect known safe methods and ignore them. However it is possible for a new or custom application or file to do this in an unknown manner and incorrectly trigger this rule.
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
If you know that this behavior is acceptable for your application, you can tune it by following the guidance on the Tuning the Atomicorp WAF Rules page.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
Outside References:
None.
WAF Rule ID 344159ο
Alert message: Atomicorp.com WAF Rules: Generic SQL inline command protection (MM)
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
base64Decode
compressWhitespace
hexDecode
lowercase
replaceComments
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Generic SQL inline command protection (MM)
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 391147ο
Alert message: Atomicorp.com WAF Rules: Potential Cross Site Scripting Attack
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 3
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
cssDecode
htmlEntityDecode
jsDecode
lowercase
removeNulls
replaceComments
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Potential Cross Site Scripting Attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 391148ο
Alert message: Atomicorp.com WAF Rules: Potential Cross Site Scripting Attack
Rule Class: Generic Attack Ruleset (10_asl_rules.conf)
Version: 3
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 403
Action: deny
Transforms:
compressWhitespace
cssDecode
htmlEntityDecode
jsDecode
lowercase
removeNulls
removeComments
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com WAF Rules: Potential Cross Site Scripting Attack
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.