WAF Rule ID 360009


Alert message: Atomicorp.com Malicious Domain Output Detector: Malware domain detected in webserver output and NOT BLOCKED. This means your system may be serving up malware.

Rule Class: Generic Attack Ruleset (99_asl_redactor_post.conf)

Version: 2

Severity: Warning (HIDS: 7)

HTTP Protocol Phase: 4

HTTP Status:

Action: pass

Transforms:

  • htmlEntityDecode

  • urlDecodeUni

Log Types:

  • Basic Information (log)

  • Capture full session (auditlog)

Description:

Troubleshooting:

False Positives:

Instructions to report false positives are detailed at Reporting False Positives If it is a false positive, we will fix the issue in the rules and get a release out to you promptly.

Configuration Notes:

  • enabled by: MODSEC_10_RULES

  • Requires Engine version: 2.9.0 or above

Tuning guidance Notes:

If you know that this behavior is acceptable for your application, you can tune by following the guidance on the Tuning the Atomicorp WAF Rules

Additional Information:

Similar rules:

None.

Outside References: