WAF Rule ID 330791

Alert message: Failed to parse request body. This may be an impedence mismatch attack, a broken application or a broken connection. This is not a false positive. Check your application or client for errors.

Rule Class: Generic Attack Ruleset (00_asl_z_antievasion.conf)

Version: 2

Severity: Critical (HIDS: 9)

HTTP Protocol Phase: 2

HTTP Status: 400

Action: deny

Options: No active Response

Transforms:

Log Types:

  • Basic Information (log)

  • Capture full session (auditlog)

Description:

Troubleshooting:

False Positives:

Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

Configuration Notes:

  • enabled by: MODSEC_10_RULES

  • Requires Engine version: 2.9.0 or above

Tuning guidance Notes:

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules

Additional Information:

Similar rules:

None.

Outside References:

WAF Rule ID 340152

Alert message: Request Body Parsing Failed. %{REQBODY_PROCESSOR_ERROR_MSG}: check your application or client for errors, this is not a false positive.

Rule Class: Generic Attack Ruleset (00_asl_z_antievasion.conf)

Version: 1

Severity: Emergency (HIDS: 14)

HTTP Protocol Phase: 2

HTTP Status: 400

Action: deny

Transforms:

Log Types:

  • Basic Information (log)

  • Capture full session (auditlog)

Description:

Troubleshooting:

False Positives:

Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

Configuration Notes:

  • enabled by: MODSEC_10_RULES

  • Requires Engine version: 2.9.0 or above

Tuning guidance Notes:

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules

Additional Information:

Similar rules:

None.

Outside References:

WAF Rule ID 390700

Alert message: Atomicorp.com WAF Rules: Evasion Attack: Invalid filename in FILES argument. Which may be a possible attempt at multipart/form-data bypass

Rule Class: Generic Attack Ruleset (00_asl_z_antievasion.conf)

Version: 7

Severity: Emergency (HIDS: 14)

HTTP Protocol Phase: 2

HTTP Status: 403

Action: deny

Transforms:

  • urlDecodeUni

Log Types:

  • Basic Information (log)

  • Capture full session (auditlog)

Description:

Troubleshooting:

False Positives:

Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

Configuration Notes:

  • enabled by: MODSEC_10_RULES

  • Requires Engine version: 2.9.0 or above

Tuning guidance Notes:

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules

Additional Information:

Similar rules:

None.

Outside References: