WAF Rule ID 330792

Alert message: Multipart parser detected a possible unmatched boundary. This may be an impedence mismatch attack, a broken application or a broken connection. This is not a false positive. Check your application or client for errors.

Rule Class: Generic Attack Ruleset (00_asl_zz_strict.conf)

Version: 2

Severity: Notice (HIDS: 6)

HTTP Protocol Phase: 2

HTTP Status:

Action: pass

Options: No active Response

Transforms:

Log Types:

  • Basic Information (log)

  • Capture full session (auditlog)

Description:

Troubleshooting:

False Positives:

Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

Configuration Notes:

  • enabled by: MODSEC_10_RULES

  • Requires Engine version: 2.9.0 or above

Tuning guidance Notes:

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules

Additional Information:

Similar rules:

None.

Outside References:

WAF Rule ID 330793

Alert message: Multipart request body failed strict validation: PE %{REQBODY_PROCESSOR_ERROR}, BQ %{MULTIPART_BOUNDARY_QUOTED}, BW %{MULTIPART_BOUNDARY_WHITESPACE}, DB %{MULTIPART_DATA_BEFORE}, DA %{MULTIPART_DATA_AFTER}, HF %{MULTIPART_HEADER_FOLDING}, LF %{MULTIPART_LF_LINE}, SM %{MULTIPART_SEMICOLON_MISSING}, IQ %{MULTIPART_INVALID_QUOTING}, IH %{MULTIPART_INVALID_HEADER_FOLDING}, IP %{MULTIPART_INVALID_PART}, FL %{MULTIPART_FILE_LIMIT_EXCEEDED}

Rule Class: Generic Attack Ruleset (00_asl_zz_strict.conf)

Version: 3

Severity: Critical (HIDS: 9)

HTTP Protocol Phase: 2

HTTP Status: 403

Action: deny

Transforms:

Log Types:

  • Basic Information (log)

  • Capture full session (auditlog)

Description:

Troubleshooting:

False Positives:

Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

Configuration Notes:

  • enabled by: MODSEC_10_RULES

  • Requires Engine version: 2.9.0 or above

Tuning guidance Notes:

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules

Additional Information:

Similar rules:

None.

Outside References:

WAF Rule ID 350708

Alert message: ModSecurity internal error flagged: %{MATCHED_VAR_NAME}

Rule Class: Generic Attack Ruleset (00_asl_zz_strict.conf)

Version:

Severity: Emergency (HIDS: 14)

HTTP Protocol Phase: 2

HTTP Status: 403

Action: deny

Transforms:

Log Types:

  • Basic Information (log)

  • Capture full session (auditlog)

Description:

ModSecurity internal error flagged: %{MATCHED_VAR_NAME}

Troubleshooting:

False Positives:

Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

Configuration Notes:

  • enabled by: MODSEC_10_RULES

  • Requires Engine version: 2.9.0 or above

Tuning guidance Notes:

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules

Additional Information:

Similar rules:

None.

Outside References:

None.

WAF Rule ID 350709

Alert message: Request Body Larger than SecRequestBodyLimit Setting

Rule Class: Generic Attack Ruleset (00_asl_zz_strict.conf)

Version:

Severity: Emergency (HIDS: 14)

HTTP Protocol Phase: 1

HTTP Status: 403

Action: deny

Transforms:

Log Types:

  • Basic Information (log)

  • Capture full session (auditlog)

Description:

Request Body Larger than SecRequestBodyLimit Setting

Troubleshooting:

False Positives:

Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

Configuration Notes:

  • enabled by: MODSEC_10_RULES

  • Requires Engine version: 2.9.0 or above

Tuning guidance Notes:

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules

Additional Information:

Similar rules:

None.

Outside References:

None.

WAF Rule ID 350710

Alert message: Response Body Larger than SecResponseBodyLimit Setting

Rule Class: Generic Attack Ruleset (00_asl_zz_strict.conf)

Version:

Severity: Emergency (HIDS: 14)

HTTP Protocol Phase: 1

HTTP Status: 403

Action: deny

Transforms:

Log Types:

  • Basic Information (log)

  • Capture full session (auditlog)

Description:

Response Body Larger than SecResponseBodyLimit Setting

Troubleshooting:

False Positives:

Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

Configuration Notes:

  • enabled by: MODSEC_10_RULES

  • Requires Engine version: 2.9.0 or above

Tuning guidance Notes:

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules

Additional Information:

Similar rules:

None.

Outside References:

None.

WAF Rule ID 314681

Alert message: Atomicorp.com WAF Rules: Invalid HTTP method detected

Rule Class: Generic Attack Ruleset (00_asl_zz_strict.conf)

Version: 1

Severity: Error (HIDS: 8)

HTTP Protocol Phase: 1

HTTP Status: 403

Action: deny

Transforms:

Log Types:

  • Basic Information (log)

  • Capture full session (auditlog)

Description:

Atomicorp.com WAF Rules: Invalid HTTP method detected

Troubleshooting:

False Positives:

Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

Configuration Notes:

  • enabled by: MODSEC_10_RULES

  • Requires Engine version: 2.9.0 or above

Tuning guidance Notes:

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules

Additional Information:

Similar rules:

None.

Outside References:

None.

WAF Rule ID 390703

Alert message: Atomicorp.com WAF Rules: Possible URL Encoding Abuse Attack Attempt

Rule Class: Generic Attack Ruleset (00_asl_zz_strict.conf)

Version: 5

Severity: Emergency (HIDS: 14)

HTTP Protocol Phase: 2

HTTP Status: 400

Action: deny

Transforms:

Log Types:

  • Basic Information (log)

  • Capture full session (auditlog)

Description:

Troubleshooting:

False Positives:

Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

Configuration Notes:

  • enabled by: MODSEC_10_RULES

  • Requires Engine version: 2.9.0 or above

Tuning guidance Notes:

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules

Additional Information:

Similar rules:

None.

Outside References:

None.

WAF Rule ID 390704

Alert message: Atomicorp.com WAF Rules: Possible Encoding Abuse Attack Attempt

Rule Class: Generic Attack Ruleset (00_asl_zz_strict.conf)

Version: 1

Severity: Emergency (HIDS: 14)

HTTP Protocol Phase: 2

HTTP Status: 400

Action: deny

Transforms:

Log Types:

  • Basic Information (log)

  • Capture full session (auditlog)

Description:

Atomicorp.com WAF Rules: Possible Encoding Abuse Attack Attempt

Troubleshooting:

False Positives:

Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

Configuration Notes:

  • enabled by: MODSEC_10_RULES

  • Requires Engine version: 2.9.0 or above

Tuning guidance Notes:

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules

Additional Information:

Similar rules:

None.

Outside References:

None.

WAF Rule ID 331030

Alert message: Atomicorp.com WAF Rules: Suspicious activity detected - HTTP Request Missing a Host Header

Rule Class: Generic Attack Ruleset (00_asl_zz_strict.conf)

Version: 2

Severity: Emergency (HIDS: 14)

HTTP Protocol Phase: 2

HTTP Status: 400

Action: pass

Options: No active Response

Transforms:

Log Types:

Description:

Troubleshooting:

False Positives:

Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

Configuration Notes:

  • enabled by: MODSEC_10_RULES

  • Requires Engine version: 2.9.0 or above

Tuning guidance Notes:

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules

Additional Information:

Similar rules:

None.

Outside References:

None.

WAF Rule ID 331031

Alert message: Atomicorp.com WAF Rules: Suspicious activity detected - Empty Host Header detected in HTTP request

Rule Class: Generic Attack Ruleset (00_asl_zz_strict.conf)

Version: 1

Severity: Emergency (HIDS: 14)

HTTP Protocol Phase: 2

HTTP Status: 400

Action: pass

Options: No active Response

Transforms:

Log Types:

  • Basic Information (log)

  • Capture full session (auditlog)

Description:

Atomicorp.com WAF Rules: Suspicious activity detected - Empty Host Header detected in HTTP request

Troubleshooting:

False Positives:

Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

Configuration Notes:

  • enabled by: MODSEC_10_RULES

  • Requires Engine version: 2.9.0 or above

Tuning guidance Notes:

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules

Additional Information:

Similar rules:

None.

Outside References:

None.

WAF Rule ID 331032

Alert message: Atomicorp.com WAF Rules: Suspicious activity detected - Host header is a numeric IP address

Rule Class: Generic Attack Ruleset (00_asl_zz_strict.conf)

Version: 4

Severity: Emergency (HIDS: 14)

HTTP Protocol Phase: 2

HTTP Status: 400

Action: pass

Options: No active Response

Transforms:

Log Types:

  • Basic Information (log)

  • Capture full session (auditlog)

Description:

Troubleshooting:

False Positives:

Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

Configuration Notes:

  • enabled by: MODSEC_10_RULES

  • Requires Engine version: 2.9.0 or above

Tuning guidance Notes:

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules

Additional Information:

Similar rules:

None.

Outside References:

None.

WAF Rule ID 390713

Alert message: Atomicorp.com WAF Rules: HTTP Response Splitting Attack

Rule Class: Generic Attack Ruleset (00_asl_zz_strict.conf)

Version: 4

Severity: Emergency (HIDS: 14)

HTTP Protocol Phase: 2

HTTP Status: 403

Action: deny

Transforms:

  • compressWhitespace

  • lowercase

Log Types:

  • Basic Information (log)

  • Capture full session (auditlog)

Description:

Atomicorp.com WAF Rules: HTTP Response Splitting Attack

Troubleshooting:

False Positives:

Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

Configuration Notes:

  • enabled by: MODSEC_10_RULES

  • Requires Engine version: 2.9.0 or above

Tuning guidance Notes:

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules

Additional Information:

Similar rules:

None.

Outside References:

None.

WAF Rule ID 390714

Alert message: Atomicorp.com WAF Rules: HTTP Splitting (CR/LF in request filename detected)

Rule Class: Generic Attack Ruleset (00_asl_zz_strict.conf)

Version: 2

Severity: Critical (HIDS: 9)

HTTP Protocol Phase: 1

HTTP Status: 403

Action: deny

Transforms:

  • urlDecodeUni

Log Types:

  • Basic Information (log)

Description:

Atomicorp.com WAF Rules: HTTP Splitting (CR/LF in request filename detected)

Troubleshooting:

False Positives:

Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

Configuration Notes:

  • enabled by: MODSEC_10_RULES

  • Requires Engine version: 2.9.0 or above

Tuning guidance Notes:

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules

Additional Information:

Similar rules:

None.

Outside References:

None.

WAF Rule ID 390716

Alert message: Atomicorp.com WAF Rules: URL file extension is restricted by policy

Rule Class: Generic Attack Ruleset (00_asl_zz_strict.conf)

Version: 2

Severity: Error (HIDS: 8)

HTTP Protocol Phase: 2

HTTP Status: 403

Action: deny

Transforms:

Log Types:

  • Basic Information (log)

  • Capture full session (auditlog)

Description:

Atomicorp.com WAF Rules: URL file extension is restricted by policy

Troubleshooting:

False Positives:

Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

Configuration Notes:

  • enabled by: MODSEC_10_RULES

  • Requires Engine version: 2.9.0 or above

Tuning guidance Notes:

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules

Additional Information:

Similar rules:

None.

Outside References:

None.

WAF Rule ID 390621

Alert message: Atomicorp.com WAF Rules: Unicode Width Attack Attempt

Rule Class: Generic Attack Ruleset (00_asl_zz_strict.conf)

Version: 5

Severity: Emergency (HIDS: 14)

HTTP Protocol Phase: 2

HTTP Status: 403

Action: deny

Transforms:

Log Types:

  • Basic Information (log)

  • Capture full session (auditlog)

Description:

Troubleshooting:

False Positives:

Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

Configuration Notes:

  • enabled by: MODSEC_10_RULES

  • Requires Engine version: 2.9.0 or above

Tuning guidance Notes:

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules

Additional Information:

Similar rules:

None.

Outside References:

None.

WAF Rule ID 390763

Alert message: Atomicorp.com WAF Rules: Command Line style Encoding Abuse Attack Attempt

Rule Class: Generic Attack Ruleset (00_asl_zz_strict.conf)

Version: 5

Severity: Emergency (HIDS: 14)

HTTP Protocol Phase: 2

HTTP Status: 403

Action: deny

Transforms:

  • urlDecodeUni

Log Types:

  • Basic Information (log)

  • Capture full session (auditlog)

Description:

Atomicorp.com WAF Rules: Command Line style Encoding Abuse Attack Attempt

Troubleshooting:

False Positives:

Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

Configuration Notes:

  • enabled by: MODSEC_10_RULES

  • Requires Engine version: 2.9.0 or above

Tuning guidance Notes:

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules

Additional Information:

Similar rules:

None.

Outside References:

None.

WAF Rule ID 390708

Alert message: Atomicorp.com WAF Rules: Session Fixation Attack

Rule Class: Generic Attack Ruleset (00_asl_zz_strict.conf)

Version: 5

Severity: Emergency (HIDS: 14)

HTTP Protocol Phase: 2

HTTP Status: 501

Action: deny

Transforms:

  • compressWhitespace

  • htmlEntityDecode

  • lowercase

Log Types:

  • Basic Information (log)

  • Capture full session (auditlog)

Description:

Atomicorp.com WAF Rules: Session Fixation Attack

Troubleshooting:

False Positives:

Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

Configuration Notes:

  • enabled by: MODSEC_10_RULES

  • Requires Engine version: 2.9.0 or above

Tuning guidance Notes:

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules

Additional Information:

Similar rules:

None.

Outside References:

None.

WAF Rule ID 390718

Alert message: Atomicorp.com WAF Rules: Session Fixation Attack

Rule Class: Generic Attack Ruleset (00_asl_zz_strict.conf)

Version: 1

Severity: Emergency (HIDS: 14)

HTTP Protocol Phase: 2

HTTP Status: 501

Action: deny

Transforms:

  • compressWhitespace

  • htmlEntityDecode

  • lowercase

  • urlDecodeUni

Log Types:

  • Basic Information (log)

  • Capture full session (auditlog)

Description:

Atomicorp.com WAF Rules: Session Fixation Attack

Troubleshooting:

False Positives:

Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

Configuration Notes:

  • enabled by: MODSEC_10_RULES

  • Requires Engine version: 2.9.0 or above

Tuning guidance Notes:

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules

Additional Information:

Similar rules:

None.

Outside References:

None.

WAF Rule ID 390739

Alert message: Atomicorp.com WAF Rules: Possible Session Fixation attack

Rule Class: Generic Attack Ruleset (00_asl_zz_strict.conf)

Version: 1

Severity: Emergency (HIDS: 14)

HTTP Protocol Phase: 2

HTTP Status: 403

Action: deny

Transforms:

  • lowercase

Log Types:

  • Basic Information (log)

  • Capture full session (auditlog)

Description:

Atomicorp.com WAF Rules: Possible Session Fixation attack

Troubleshooting:

False Positives:

Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

Configuration Notes:

  • enabled by: MODSEC_10_RULES

  • Requires Engine version: 2.9.0 or above

Tuning guidance Notes:

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules

Additional Information:

Similar rules:

None.

Outside References:

None.

WAF Rule ID 330700

Alert message: Atomicorp.com WAF Rules: Invalid HTTP Request Line in violation of RFC (if you do not wish to follow HTTP RFCs, disable this rule)

Rule Class: Generic Attack Ruleset (00_asl_zz_strict.conf)

Version: 2

Severity: Emergency (HIDS: 14)

HTTP Protocol Phase: 2

HTTP Status: 403

Action: deny

Transforms:

  • lowercase

Log Types:

  • Basic Information (log)

  • Capture full session (auditlog)

Description:

Troubleshooting:

False Positives:

Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

Configuration Notes:

  • enabled by: MODSEC_10_RULES

  • Requires Engine version: 2.9.0 or above

Tuning guidance Notes:

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules

Additional Information:

Similar rules:

None.

Outside References:

None.

WAF Rule ID 330773

Alert message: Atomicorp.com WAF Rules: client redefining HTTP_PROXY value denied

Rule Class: Generic Attack Ruleset (00_asl_zz_strict.conf)

Version: 2

Severity: Emergency (HIDS: 14)

HTTP Protocol Phase: 2

HTTP Status: 403

Action: deny

Transforms:

Log Types:

  • Basic Information (log)

  • Capture full session (auditlog)

Description:

Troubleshooting:

False Positives:

Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

Configuration Notes:

  • enabled by: MODSEC_10_RULES

  • Requires Engine version: 2.9.0 or above

Tuning guidance Notes:

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules

Additional Information:

Similar rules:

None.

Outside References:

None.

WAF Rule ID 356331

Alert message: Atomicorp.com WAF Rules: Code injection in HTTP header attack blocked

Rule Class: Generic Attack Ruleset (00_asl_zz_strict.conf)

Version: 2

Severity: Emergency (HIDS: 14)

HTTP Protocol Phase: 2

HTTP Status: 403

Action: deny

Transforms:

  • compressWhitespace

  • urlDecodeUni

Log Types:

  • Basic Information (log)

  • Capture full session (auditlog)

Description:

Atomicorp.com WAF Rules: Code injection in HTTP header attack blocked

Troubleshooting:

False Positives:

Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

Configuration Notes:

  • enabled by: MODSEC_10_RULES

  • Requires Engine version: 2.9.0 or above

Tuning guidance Notes:

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules

Additional Information:

Similar rules:

None.

Outside References:

None.

WAF Rule ID 356332

Alert message: Atomicorp.com WAF Rules: invalid characters in User-Agent header

Rule Class: Generic Attack Ruleset (00_asl_zz_strict.conf)

Version: 1

Severity: Emergency (HIDS: 14)

HTTP Protocol Phase: 2

HTTP Status: 403

Action: deny

Transforms:

  • removeWhitespace

  • urlDecodeUni

Log Types:

  • Basic Information (log)

  • Capture full session (auditlog)

Description:

Atomicorp.com WAF Rules: invalid characters in User-Agent header

Troubleshooting:

False Positives:

Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

Configuration Notes:

  • enabled by: MODSEC_10_RULES

  • Requires Engine version: 2.9.0 or above

Tuning guidance Notes:

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules

Additional Information:

Similar rules:

None.

Outside References:

None.

WAF Rule ID 390720

Alert message: Atomicorp.com WAF Rules: Possible Impedence Mismatch attack on PHP appliction using space to start argument name

Rule Class: Generic Attack Ruleset (00_asl_zz_strict.conf)

Version: 6

Severity: Emergency (HIDS: 14)

HTTP Protocol Phase: 2

HTTP Status: 403

Action: deny

Options: No active Response

Transforms:

  • lowercase

  • urlDecodeUni

Log Types:

  • Basic Information (log)

Description:

Atomicorp.com WAF Rules: Possible Impedence Mismatch attack on PHP appliction using space to start argument name

Troubleshooting:

False Positives:

Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

Configuration Notes:

  • enabled by: MODSEC_10_RULES

  • Requires Engine version: 2.9.0 or above

Tuning guidance Notes:

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules

Additional Information:

Similar rules:

None.

Outside References:

None.

WAF Rule ID 390722

Alert message: Atomicorp.com WAF Rules: HTTP Header Injection Attack via payload (CR/LF detected)

Rule Class: Generic Attack Ruleset (00_asl_zz_strict.conf)

Version: 3

Severity: Emergency (HIDS: 14)

HTTP Protocol Phase: 2

HTTP Status: 403

Action: deny

Transforms:

  • htmlEntityDecode

  • urlDecodeUni

Log Types:

Description:

Atomicorp.com WAF Rules: HTTP Header Injection Attack via payload (CR/LF detected)

Troubleshooting:

False Positives:

Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

Configuration Notes:

  • enabled by: MODSEC_10_RULES

  • Requires Engine version: 2.9.0 or above

Tuning guidance Notes:

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules

Additional Information:

Similar rules:

None.

Outside References:

None.