WAF Rule ID 390620

Alert message: Atomicorp.com WAF Rules: UTF8 Encoding Abuse Attack Attempt

Rule Class: Generic Attack Ruleset (11_asl_adv_rules.conf)

Version: 8

Severity: Emergency (HIDS: 14)

HTTP Protocol Phase: 2

HTTP Status: 400

Action: pass

Transforms:

Log Types:

  • Capture full session (auditlog)

Description:

Atomicorp.com WAF Rules: UTF8 Encoding Abuse Attack Attempt

Troubleshooting:

False Positives:

Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

Configuration Notes:

  • enabled by: MODSEC_10_RULES

  • Requires Engine version: 2.9.0 or above

Tuning guidance Notes:

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules

Additional Information:

Similar rules:

None.

Outside References:

None.

WAF Rule ID 341147

Alert message: Atomicorp.com WAF Rules: SQL injection probe

Rule Class: Generic Attack Ruleset (11_asl_adv_rules.conf)

Version: 11

Severity: Critical (HIDS: 9)

HTTP Protocol Phase: 1

HTTP Status: 403

Action: deny

Transforms:

  • lowercase

  • urlDecodeUni

Log Types:

  • Basic Information (log)

  • Capture full session (auditlog)

Description:

Atomicorp.com WAF Rules: SQL injection probe

Troubleshooting:

False Positives:

Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

Configuration Notes:

  • enabled by: MODSEC_10_RULES

  • Requires Engine version: 2.9.0 or above

Tuning guidance Notes:

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules

Additional Information:

Similar rules:

None.

Outside References:

None.

WAF Rule ID 341148

Alert message: Atomicorp.com WAF Rules: RCE injection probe

Rule Class: Generic Attack Ruleset (11_asl_adv_rules.conf)

Version: 11

Severity: Critical (HIDS: 9)

HTTP Protocol Phase: 2

HTTP Status: 403

Action: deny

Transforms:

  • lowercase

  • removeWhitespace

  • urlDecodeUni

Log Types:

  • Basic Information (log)

  • Capture full session (auditlog)

Description:

Atomicorp.com WAF Rules: RCE injection probe

Troubleshooting:

False Positives:

Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

Configuration Notes:

  • enabled by: MODSEC_10_RULES

  • Requires Engine version: 2.9.0 or above

Tuning guidance Notes:

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules

Additional Information:

Similar rules:

None.

Outside References:

None.

WAF Rule ID 383023

Alert message: Atomicorp.com WAF Rules: Potentially malicious PHP code injection attempt - base64 encoded

Rule Class: Generic Attack Ruleset (11_asl_adv_rules.conf)

Version: 6

Severity: Emergency (HIDS: 14)

HTTP Protocol Phase: 2

HTTP Status: 403

Action: deny

Transforms:

  • base64DecodeExt

  • compressWhitespace

  • lowercase

  • replaceComments

  • replaceNulls

Log Types:

  • Basic Information (log)

  • Capture full session (auditlog)

Description:

Atomicorp.com WAF Rules: Potentially malicious PHP code injection attempt - base64 encoded

Troubleshooting:

False Positives:

Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

Configuration Notes:

  • enabled by: MODSEC_10_RULES

  • Requires Engine version: 2.9.0 or above

Tuning guidance Notes:

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules

Additional Information:

Similar rules:

None.

Outside References:

None.

WAF Rule ID 340196

Alert message: Atomicorp.com WAF Rules: PHP function in Argument - this may be an attack.

Rule Class: Generic Attack Ruleset (11_asl_adv_rules.conf)

Version: 1

Severity: Critical (HIDS: 9)

HTTP Protocol Phase:

HTTP Status: 403

Action: deny

Transforms:

  • base64DecodeExt

  • compressWhitespace

  • lowercase

  • removeComments

  • replaceNulls

Log Types:

  • Capture full session (auditlog)

Description:

Atomicorp.com WAF Rules: PHP function in Argument - this may be an attack.

Troubleshooting:

False Positives:

Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

Configuration Notes:

  • enabled by: MODSEC_10_RULES

  • Requires Engine version: 2.9.0 or above

Tuning guidance Notes:

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules

Additional Information:

Similar rules:

None.

Outside References:

None.

WAF Rule ID 341155

Alert message: Atomicorp.com WAF Rules: Generic SQL Injection protection

Rule Class: Generic Attack Ruleset (11_asl_adv_rules.conf)

Version: 3

Severity: Critical (HIDS: 9)

HTTP Protocol Phase: 2

HTTP Status: 403

Action: deny

Transforms:

  • compressWhitespace

  • removeComments

  • urlDecodeUni

Log Types:

  • Basic Information (log)

  • Capture full session (auditlog)

Description:

Atomicorp.com WAF Rules: Generic SQL Injection protection

Troubleshooting:

False Positives:

Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

Configuration Notes:

  • enabled by: MODSEC_10_RULES

  • Requires Engine version: 2.9.0 or above

Tuning guidance Notes:

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules

Additional Information:

Similar rules:

None.

Outside References:

None.

WAF Rule ID 341156

Alert message: Atomicorp.com WAF Rules: Generic SQL Injection protection

Rule Class: Generic Attack Ruleset (11_asl_adv_rules.conf)

Version: 3

Severity: Critical (HIDS: 9)

HTTP Protocol Phase: 2

HTTP Status: 403

Action: deny

Transforms:

  • removeWhitespace

  • removeComments

  • urlDecodeUni

Log Types:

  • Basic Information (log)

  • Capture full session (auditlog)

Description:

Atomicorp.com WAF Rules: Generic SQL Injection protection

Troubleshooting:

False Positives:

Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

Configuration Notes:

  • enabled by: MODSEC_10_RULES

  • Requires Engine version: 2.9.0 or above

Tuning guidance Notes:

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules

Additional Information:

Similar rules:

None.

Outside References:

None.

WAF Rule ID 341145

Alert message: Atomicorp.com WAF Rules: SQL injection probe

Rule Class: Generic Attack Ruleset (11_asl_adv_rules.conf)

Version: 11

Severity: Critical (HIDS: 9)

HTTP Protocol Phase: 2

HTTP Status: 403

Action: deny

Transforms:

  • cmdLine

  • compressWhitespace

  • lowercase

  • removeComments

  • replaceNulls

  • urlDecodeUni

Log Types:

  • Basic Information (log)

  • Capture full session (auditlog)

Description:

Troubleshooting:

False Positives:

Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

Configuration Notes:

  • enabled by: MODSEC_10_RULES

  • Requires Engine version: 2.9.0 or above

Tuning guidance Notes:

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules

Additional Information:

Similar rules:

None.

Outside References:

None.

WAF Rule ID 341146

Alert message: Atomicorp.com WAF Rules: SQL injection probe

Rule Class: Generic Attack Ruleset (11_asl_adv_rules.conf)

Version: 1

Severity: Critical (HIDS: 9)

HTTP Protocol Phase: 2

HTTP Status: 403

Action: deny

Transforms:

  • compressWhitespace

  • lowercase

  • removeComments

  • replaceNulls

  • urlDecodeUni

Log Types:

  • Basic Information (log)

  • Capture full session (auditlog)

Description:

Atomicorp.com WAF Rules: SQL injection probe

Troubleshooting:

False Positives:

Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

Configuration Notes:

  • enabled by: MODSEC_10_RULES

  • Requires Engine version: 2.9.0 or above

Tuning guidance Notes:

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules

Additional Information:

Similar rules:

None.

Outside References:

None.

WAF Rule ID 341245

Alert message: Atomicorp.com WAF Rules: SQL injection attack (detectSQLi)

Rule Class: Generic Attack Ruleset (11_asl_adv_rules.conf)

Version: 56

Severity: Critical (HIDS: 9)

HTTP Protocol Phase: 2

HTTP Status: 403

Action: deny

Transforms:

  • removeNulls

  • urlDecodeUni

Log Types:

  • Basic Information (log)

  • Capture full session (auditlog)

Description:

Troubleshooting:

False Positives:

Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

Configuration Notes:

  • enabled by: MODSEC_10_RULES

  • Requires Engine version: 2.9.0 or above

Tuning guidance Notes:

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules

Additional Information:

Similar rules:

None.

Outside References:

None.

WAF Rule ID 341250

Alert message: Atomicorp.com WAF Rules: SQL injection attack (detectSQLi)

Rule Class: Generic Attack Ruleset (11_asl_adv_rules.conf)

Version: 47

Severity: Critical (HIDS: 9)

HTTP Protocol Phase: 2

HTTP Status: 403

Action: deny

Transforms:

  • base64Decode

  • sqlHexDecode

  • removeNulls

  • urlDecodeUni

Log Types:

  • Basic Information (log)

  • Capture full session (auditlog)

Description:

Atomicorp.com WAF Rules: SQL injection attack (detectSQLi)

Troubleshooting:

False Positives:

Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

Configuration Notes:

  • enabled by: MODSEC_10_RULES

  • Requires Engine version: 2.9.0 or above

Tuning guidance Notes:

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules

Additional Information:

Similar rules:

None.

Outside References:

None.

WAF Rule ID 361148

Alert message: Atomicorp.com WAF Rules: SQL version probe blocked

Rule Class: Generic Attack Ruleset (11_asl_adv_rules.conf)

Version: 1

Severity: Critical (HIDS: 9)

HTTP Protocol Phase: 2

HTTP Status: 403

Action: deny

Transforms:

  • compressWhitespace

  • lowercase

  • removeComments

Log Types:

  • Basic Information (log)

  • Capture full session (auditlog)

Description:

Atomicorp.com WAF Rules: SQL version probe blocked

Troubleshooting:

False Positives:

Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

Configuration Notes:

  • enabled by: MODSEC_10_RULES

  • Requires Engine version: 2.9.0 or above

Tuning guidance Notes:

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules

Additional Information:

Similar rules:

None.

Outside References:

None.

WAF Rule ID 361149

Alert message: Atomicorp.com WAF Rules: MySQL waitfor probe blocked

Rule Class: Generic Attack Ruleset (11_asl_adv_rules.conf)

Version: 1

Severity: Critical (HIDS: 9)

HTTP Protocol Phase: 2

HTTP Status: 403

Action: deny

Transforms:

  • compressWhitespace

  • lowercase

  • removeComments

Log Types:

  • Basic Information (log)

  • Capture full session (auditlog)

Description:

Atomicorp.com WAF Rules: MySQL waitfor probe blocked

Troubleshooting:

False Positives:

Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

Configuration Notes:

  • enabled by: MODSEC_10_RULES

  • Requires Engine version: 2.9.0 or above

Tuning guidance Notes:

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules

Additional Information:

Similar rules:

None.

Outside References:

None.

WAF Rule ID 331026

Alert message: Atomicorp.com WAF Rules: SQL Operator Attack Detected.

Rule Class: Generic Attack Ruleset (11_asl_adv_rules.conf)

Version: 13

Severity: Critical (HIDS: 9)

HTTP Protocol Phase: 2

HTTP Status: 403

Action: deny

Transforms:

  • urlDecodeUni

Log Types:

  • Basic Information (log)

  • Capture full session (auditlog)

Description:

Atomicorp.com WAF Rules: SQL Operator Attack Detected.

Troubleshooting:

False Positives:

Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

Configuration Notes:

  • enabled by: MODSEC_10_RULES

  • Requires Engine version: 2.9.0 or above

Tuning guidance Notes:

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules

Additional Information:

Similar rules:

None.

Outside References:

None.

WAF Rule ID 331027

Alert message: Atomicorp.com WAF Rules: SQL Attack Detected.

Rule Class: Generic Attack Ruleset (11_asl_adv_rules.conf)

Version: 14

Severity: Critical (HIDS: 9)

HTTP Protocol Phase: 2

HTTP Status: 403

Action: deny

Transforms:

  • urlDecodeUni

Log Types:

  • Capture full session (auditlog)

Description:

Atomicorp.com WAF Rules: SQL Attack Detected.

Troubleshooting:

False Positives:

Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

Configuration Notes:

  • enabled by: MODSEC_10_RULES

  • Requires Engine version: 2.9.0 or above

Tuning guidance Notes:

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules

Additional Information:

Similar rules:

None.

Outside References:

None.

WAF Rule ID 331028

Alert message: Atomicorp.com WAF Rules: Unauthorized SQL access to database Detected.

Rule Class: Generic Attack Ruleset (11_asl_adv_rules.conf)

Version: 13

Severity: Critical (HIDS: 9)

HTTP Protocol Phase: 2

HTTP Status: 403

Action: deny

Transforms:

  • urlDecodeUni

Log Types:

  • Basic Information (log)

  • Capture full session (auditlog)

Description:

Atomicorp.com WAF Rules: Unauthorized SQL access to database Detected.

Troubleshooting:

False Positives:

Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

Configuration Notes:

  • enabled by: MODSEC_10_RULES

  • Requires Engine version: 2.9.0 or above

Tuning guidance Notes:

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules

Additional Information:

Similar rules:

None.

Outside References:

None.

WAF Rule ID 360147

Alert message: Atomicorp.com WAF Rules: Advanced SQL evasion protection

Rule Class: Generic Attack Ruleset (11_asl_adv_rules.conf)

Version: 10

Severity: Critical (HIDS: 9)

HTTP Protocol Phase: 2

HTTP Status: 403

Action: deny

Transforms:

  • cmdLine

  • compressWhitespace

  • htmlEntityDecode

  • lowercase

  • removeComments

  • urlDecodeUni

Log Types:

  • Basic Information (log)

  • Capture full session (auditlog)

Description:

Atomicorp.com WAF Rules: Advanced SQL evasion protection

Troubleshooting:

False Positives:

Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

Configuration Notes:

  • enabled by: MODSEC_10_RULES

  • Requires Engine version: 2.9.0 or above

Tuning guidance Notes:

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules

Additional Information:

Similar rules:

None.

Outside References:

None.

WAF Rule ID 360148

Alert message: Atomicorp.com WAF Rules: Advanced SQL evasion protection

Rule Class: Generic Attack Ruleset (11_asl_adv_rules.conf)

Version: 7

Severity: Critical (HIDS: 9)

HTTP Protocol Phase: 2

HTTP Status: 403

Action: deny

Transforms:

  • sqlHexDecode

  • compressWhitespace

  • lowercase

  • removeComments

Log Types:

  • Basic Information (log)

  • Capture full session (auditlog)

Description:

Atomicorp.com WAF Rules: Advanced SQL evasion protection

Troubleshooting:

False Positives:

Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

Configuration Notes:

  • enabled by: MODSEC_10_RULES

  • Requires Engine version: 2.9.0 or above

Tuning guidance Notes:

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules

Additional Information:

Similar rules:

None.

Outside References:

None.

WAF Rule ID 360149

Alert message: Atomicorp.com WAF Rules: SQL injection in Referer header blocked

Rule Class: Generic Attack Ruleset (11_asl_adv_rules.conf)

Version: 2

Severity: Critical (HIDS: 9)

HTTP Protocol Phase: 2

HTTP Status: 403

Action: deny

Transforms:

  • sqlHexDecode

  • compressWhitespace

  • lowercase

  • removeComments

Log Types:

  • Basic Information (log)

  • Capture full session (auditlog)

Description:

Atomicorp.com WAF Rules: SQL injection in Referer header blocked

Troubleshooting:

False Positives:

Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

Configuration Notes:

  • enabled by: MODSEC_10_RULES

  • Requires Engine version: 2.9.0 or above

Tuning guidance Notes:

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules

Additional Information:

Similar rules:

None.

Outside References:

None.

WAF Rule ID 331029

Alert message: Atomicorp.com WAF Rules: Obfuscated Javascript injection.

Rule Class: Generic Attack Ruleset (11_asl_adv_rules.conf)

Version: 11

Severity: Critical (HIDS: 9)

HTTP Protocol Phase: 2

HTTP Status: 403

Action: deny

Transforms:

  • compressWhitespace

  • urlDecodeUni

Log Types:

  • Basic Information (log)

  • Capture full session (auditlog)

Description:

Atomicorp.com WAF Rules: Obfuscated Javascript injection.

Troubleshooting:

False Positives:

Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

Configuration Notes:

  • enabled by: MODSEC_10_RULES

  • Requires Engine version: 2.9.0 or above

Tuning guidance Notes:

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules

Additional Information:

Similar rules:

None.

Outside References:

None.

WAF Rule ID 360150

Alert message: Atomicorp.com WAF Rules: Advanced SQL evasion protection

Rule Class: Generic Attack Ruleset (11_asl_adv_rules.conf)

Version: 1

Severity: Critical (HIDS: 9)

HTTP Protocol Phase: 2

HTTP Status: 403

Action: deny

Transforms:

  • sqlHexDecode

  • lowercase

  • removeWhitespace

  • removeComments

Log Types:

  • Basic Information (log)

  • Capture full session (auditlog)

Description:

Atomicorp.com WAF Rules: Advanced SQL evasion protection

Troubleshooting:

False Positives:

Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

Configuration Notes:

  • enabled by: MODSEC_10_RULES

  • Requires Engine version: 2.9.0 or above

Tuning guidance Notes:

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules

Additional Information:

Similar rules:

None.

Outside References:

None.

WAF Rule ID 360151

Alert message: Atomicorp.com WAF Rules: PHP Injection Attack: Variable Function Call Found

Rule Class: Generic Attack Ruleset (11_asl_adv_rules.conf)

Version: 30

Severity: Critical (HIDS: 9)

HTTP Protocol Phase: 2

HTTP Status: 403

Action: deny

Transforms:

  • compressWhitespace

  • replaceComments

  • urlDecode

Log Types:

  • Basic Information (log)

Description:

Atomicorp.com WAF Rules: PHP Injection Attack: Variable Function Call Found

Troubleshooting:

False Positives:

Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

Configuration Notes:

  • enabled by: MODSEC_10_RULES

  • Requires Engine version: 2.9.0 or above

Tuning guidance Notes:

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules

Additional Information:

Similar rules:

None.

Outside References:

None.

WAF Rule ID 360152

Alert message: Atomicorp.com WAF Rules: PHP Injection Attack: Variables Found

Rule Class: Generic Attack Ruleset (11_asl_adv_rules.conf)

Version: 6

Severity: Critical (HIDS: 9)

HTTP Protocol Phase: 2

HTTP Status: 403

Action: deny

Transforms:

  • lowercase

  • normalisePath

  • urlDecodeUni

Log Types:

  • Basic Information (log)

Description:

Atomicorp.com WAF Rules: PHP Injection Attack: Variables Found

Troubleshooting:

False Positives:

Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

Configuration Notes:

  • enabled by: MODSEC_10_RULES

  • Requires Engine version: 2.9.0 or above

Tuning guidance Notes:

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules

Additional Information:

Similar rules:

None.

Outside References:

None.

WAF Rule ID 360153

Alert message: Atomicorp.com WAF Rules: PHP Injection Attack: PPHP functions Found

Rule Class: Generic Attack Ruleset (11_asl_adv_rules.conf)

Version: 8

Severity: Critical (HIDS: 9)

HTTP Protocol Phase: 2

HTTP Status: 403

Action: deny

Transforms:

  • lowercase

  • urlDecodeUni

Log Types:

  • Basic Information (log)

  • Capture full session (auditlog)

Description:

Atomicorp.com WAF Rules: PHP Injection Attack: PPHP functions Found

Troubleshooting:

False Positives:

Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

Configuration Notes:

  • enabled by: MODSEC_10_RULES

  • Requires Engine version: 2.9.0 or above

Tuning guidance Notes:

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules

Additional Information:

Similar rules:

None.

Outside References:

None.

WAF Rule ID 341247

Alert message: Atomicorp.com WAF Rules: SQL injection attack (detectSQLi)

Rule Class: Generic Attack Ruleset (11_asl_adv_rules.conf)

Version: 21

Severity: Critical (HIDS: 9)

HTTP Protocol Phase: 2

HTTP Status: 403

Action: deny

Transforms:

  • sqlHexDecode

  • lowercase

  • urlDecodeUni

Log Types:

  • Basic Information (log)

  • Capture full session (auditlog)

Description:

Atomicorp.com WAF Rules: SQL injection attack (detectSQLi)

Troubleshooting:

False Positives:

Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

Configuration Notes:

  • enabled by: MODSEC_10_RULES

  • Requires Engine version: 2.9.0 or above

Tuning guidance Notes:

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules

Additional Information:

Similar rules:

None.

Outside References:

None.

WAF Rule ID 331126

Alert message: Atomicorp.com WAF Rules: SQL Operator Attack Detected.

Rule Class: Generic Attack Ruleset (11_asl_adv_rules.conf)

Version: 7

Severity: Critical (HIDS: 9)

HTTP Protocol Phase: 2

HTTP Status: 403

Action: deny

Transforms:

  • urlDecodeUni

Log Types:

Description:

Atomicorp.com WAF Rules: SQL Operator Attack Detected.

Troubleshooting:

False Positives:

Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

Configuration Notes:

  • enabled by: MODSEC_10_RULES

  • Requires Engine version: 2.9.0 or above

Tuning guidance Notes:

None.

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules

Additional Information:

Similar rules:

None.

Outside References:

None.