WAF Rule ID 340202
Alert message: Invalid SessionID Submitted.
Rule Class: Generic Attack Ruleset (70_asl_csrf_experimental.conf)
Version: 1
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 1
HTTP Status:
Action:
Transforms:
Log Types:
Basic Information (log)
Description:
Invalid SessionID Submitted.
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340207
Alert message: Warning - Sticky SessionID Data Changed - User-Agent Mismatch.
Rule Class: Generic Attack Ruleset (70_asl_csrf_experimental.conf)
Version:
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 1
HTTP Status:
Action: pass
Transforms:
Log Types:
Description:
Warning - Sticky SessionID Data Changed - User-Agent Mismatch.
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 340208
Alert message: Possible Session Hijacking - IP Address and User-Agent Mismatch.
Rule Class: Generic Attack Ruleset (70_asl_csrf_experimental.conf)
Version:
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 1
HTTP Status:
Action: pass
Transforms:
Log Types:
Description:
Possible Session Hijacking - IP Address and User-Agent Mismatch.
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 345402
Alert message: CSRF Attack Detected - Missing CSRF Token.
Rule Class: Generic Attack Ruleset (70_asl_csrf_experimental.conf)
Version:
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status:
Action: pass
Transforms:
Log Types:
Description:
CSRF Attack Detected - Missing CSRF Token.
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.
WAF Rule ID 345403
Alert message: CSRF Attack Detected - Invalid Token.
Rule Class: Generic Attack Ruleset (70_asl_csrf_experimental.conf)
Version:
Severity: Critical (HIDS: 9)
HTTP Protocol Phase: 2
HTTP Status:
Action: pass
Transforms:
Log Types:
Description:
CSRF Attack Detected - Invalid Token.
Troubleshooting:
False Positives:
Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.
Configuration Notes:
enabled by: MODSEC_10_RULES
Requires Engine version: 2.9.0 or above
Tuning guidance Notes:
None.
If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules
Additional Information:
Similar rules:
None.
Outside References:
None.