WAF Rule ID 390500
Alert message: Atomicorp.com Malware Script Blacklist: Possible Malware Script detected in URL
Rule Class: Generic Attack Ruleset (51_asl_rootkits.conf)
Version: 2
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status:
Action:
Transforms:
compressWhitespace
htmlEntityDecode
lowercase
replaceNulls
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Atomicorp.com Malware Script Blacklist: Possible Malware Script detected in URL
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 390501
Alert message: Atomicorp.com Malware Script Blacklist: Known Malware detected in Request Filename
Rule Class: Generic Attack Ruleset (51_asl_rootkits.conf)
Version: 4
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status: 404
Action: deny
Transforms:
normalisePath
urlDecodeUni
Log Types:
Basic Information (log)
Capture full session (auditlog)
Description:
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.