App Gateway - OWASP Changelog: 2.2.9 → 3.0¶
Generated: 05 July 2026 | Base: 2.2.9 | Target: 3.0
Summary: 159 added · 244 removed · 0 changed
Added Rules¶
| Rule ID | Rule Group Name | Description | Action | State |
|---|---|---|---|---|
| 800100 | Known-CVEs | Rule to help detect and mitigate log4j vulnerability - CVE-2021-44228 | AnomalyScoring | Enabled |
| 800110 | Known-CVEs | Spring4Shell Interaction Attempt | AnomalyScoring | Enabled |
| 800111 | Known-CVEs | Attempted Spring Cloud routing-expression injection - CVE-2022-22963 | AnomalyScoring | Enabled |
| 800112 | Known-CVEs | Attempted Spring Framework unsafe class object exploitation - CVE-2022-22965 | AnomalyScoring | Enabled |
| 800113 | Known-CVEs | Attempted Spring Cloud Gateway Actuator injection - CVE-2022-22947 | AnomalyScoring | Enabled |
| 911100 | REQUEST-911-METHOD-ENFORCEMENT | Method is not allowed by policy | AnomalyScoring | Enabled |
| 913100 | REQUEST-913-SCANNER-DETECTION | Found User-Agent associated with security scanner | AnomalyScoring | Enabled |
| 913101 | REQUEST-913-SCANNER-DETECTION | Found User-Agent associated with scripting/generic HTTP client | AnomalyScoring | Enabled |
| 913102 | REQUEST-913-SCANNER-DETECTION | Found User-Agent associated with web crawler/bot | AnomalyScoring | Enabled |
| 913110 | REQUEST-913-SCANNER-DETECTION | Found request header associated with security scanner | AnomalyScoring | Enabled |
| 913120 | REQUEST-913-SCANNER-DETECTION | Found request filename/argument associated with security scanner | AnomalyScoring | Enabled |
| 920100 | REQUEST-920-PROTOCOL-ENFORCEMENT | Invalid HTTP Request Line | AnomalyScoring | Enabled |
| 920120 | REQUEST-920-PROTOCOL-ENFORCEMENT | Attempted multipart/form-data bypass | AnomalyScoring | Enabled |
| 920130 | REQUEST-920-PROTOCOL-ENFORCEMENT | Failed to parse request body. | AnomalyScoring | Enabled |
| 920140 | REQUEST-920-PROTOCOL-ENFORCEMENT | Multipart request body failed strict validation: PE %{REQBODY_PROCESSOR_ERROR}, BQ %{MULTIPART_BOUNDARY_QUOTED}, BW %{MULTIPART_BOUNDARY_WHITESPACE}, DB %{MULTIPART_DATA_BEFORE}, DA %{MULTIPART_DATA_AFTER}, HF %{MULTIPART_HEADER_FOLDING}, LF %{MULTIPART_LF_LINE}, SM %{MULTIPART_SEMICOLON_MISSING}, IQ %{MULTIPART_INVALID_QUOTING}, IH %{MULTIPART_INVALID_HEADER_FOLDING}, FLE %{MULTIPART_FILE_LIMIT_EXCEEDED} | AnomalyScoring | Enabled |
| 920160 | REQUEST-920-PROTOCOL-ENFORCEMENT | Content-Length HTTP header is not numeric. | AnomalyScoring | Enabled |
| 920170 | REQUEST-920-PROTOCOL-ENFORCEMENT | GET or HEAD Request with Body Content. | AnomalyScoring | Enabled |
| 920180 | REQUEST-920-PROTOCOL-ENFORCEMENT | POST request missing Content-Length Header. | AnomalyScoring | Enabled |
| 920190 | REQUEST-920-PROTOCOL-ENFORCEMENT | Range: Invalid Last Byte Value. | AnomalyScoring | Enabled |
| 920200 | REQUEST-920-PROTOCOL-ENFORCEMENT | Range: Too many fields (6 or more) | AnomalyScoring | Enabled |
| 920201 | REQUEST-920-PROTOCOL-ENFORCEMENT | Range: Too many fields for pdf request (35 or more) | AnomalyScoring | Enabled |
| 920202 | REQUEST-920-PROTOCOL-ENFORCEMENT | Range: Too many fields for pdf request (6 or more) | AnomalyScoring | Enabled |
| 920210 | REQUEST-920-PROTOCOL-ENFORCEMENT | Multiple/Conflicting Connection Header Data Found. | AnomalyScoring | Enabled |
| 920220 | REQUEST-920-PROTOCOL-ENFORCEMENT | URL Encoding Abuse Attack Attempt | AnomalyScoring | Enabled |
| 920230 | REQUEST-920-PROTOCOL-ENFORCEMENT | Multiple URL Encoding Detected | AnomalyScoring | Enabled |
| 920240 | REQUEST-920-PROTOCOL-ENFORCEMENT | URL Encoding Abuse Attack Attempt | AnomalyScoring | Enabled |
| 920250 | REQUEST-920-PROTOCOL-ENFORCEMENT | UTF8 Encoding Abuse Attack Attempt | AnomalyScoring | Enabled |
| 920260 | REQUEST-920-PROTOCOL-ENFORCEMENT | Unicode Full/Half Width Abuse Attack Attempt | AnomalyScoring | Enabled |
| 920270 | REQUEST-920-PROTOCOL-ENFORCEMENT | Invalid character in request (null character) | AnomalyScoring | Enabled |
| 920271 | REQUEST-920-PROTOCOL-ENFORCEMENT | Invalid character in request (non printable characters) | AnomalyScoring | Enabled |
| 920272 | REQUEST-920-PROTOCOL-ENFORCEMENT | Invalid character in request (outside of printable chars below ascii 127) | AnomalyScoring | Enabled |
| 920273 | REQUEST-920-PROTOCOL-ENFORCEMENT | Invalid character in request (outside of very strict set) | AnomalyScoring | Enabled |
| 920274 | REQUEST-920-PROTOCOL-ENFORCEMENT | Invalid character in request headers (outside of very strict set) | AnomalyScoring | Enabled |
| 920280 | REQUEST-920-PROTOCOL-ENFORCEMENT | Request Missing a Host Header | AnomalyScoring | Enabled |
| 920290 | REQUEST-920-PROTOCOL-ENFORCEMENT | Empty Host Header | AnomalyScoring | Enabled |
| 920300 | REQUEST-920-PROTOCOL-ENFORCEMENT | Request Missing an Accept Header | AnomalyScoring | Enabled |
| 920310 | REQUEST-920-PROTOCOL-ENFORCEMENT | Request Has an Empty Accept Header | AnomalyScoring | Enabled |
| 920311 | REQUEST-920-PROTOCOL-ENFORCEMENT | Request Has an Empty Accept Header | AnomalyScoring | Enabled |
| 920320 | REQUEST-920-PROTOCOL-ENFORCEMENT | Missing User Agent Header | AnomalyScoring | Enabled |
| 920330 | REQUEST-920-PROTOCOL-ENFORCEMENT | Empty User Agent Header | AnomalyScoring | Enabled |
| 920340 | REQUEST-920-PROTOCOL-ENFORCEMENT | Request Containing Content, but Missing Content-Type header | AnomalyScoring | Enabled |
| 920350 | REQUEST-920-PROTOCOL-ENFORCEMENT | Host header is a numeric IP address | AnomalyScoring | Enabled |
| 920420 | REQUEST-920-PROTOCOL-ENFORCEMENT | Request content type is not allowed by policy | AnomalyScoring | Enabled |
| 920430 | REQUEST-920-PROTOCOL-ENFORCEMENT | HTTP protocol version is not allowed by policy | AnomalyScoring | Enabled |
| 920440 | REQUEST-920-PROTOCOL-ENFORCEMENT | URL file extension is restricted by policy | AnomalyScoring | Enabled |
| 920450 | REQUEST-920-PROTOCOL-ENFORCEMENT | HTTP header is restricted by policy (%{MATCHED_VAR}) | AnomalyScoring | Enabled |
| 920460 | REQUEST-920-PROTOCOL-ENFORCEMENT | Abnormal Escape Characters | AnomalyScoring | Enabled |
| 921100 | REQUEST-921-PROTOCOL-ATTACK | HTTP Request Smuggling Attack. | AnomalyScoring | Enabled |
| 921110 | REQUEST-921-PROTOCOL-ATTACK | HTTP Request Smuggling Attack | AnomalyScoring | Enabled |
| 921120 | REQUEST-921-PROTOCOL-ATTACK | HTTP Response Splitting Attack | AnomalyScoring | Enabled |
| 921130 | REQUEST-921-PROTOCOL-ATTACK | HTTP Response Splitting Attack | AnomalyScoring | Enabled |
| 921140 | REQUEST-921-PROTOCOL-ATTACK | HTTP Header Injection Attack via headers | AnomalyScoring | Enabled |
| 921150 | REQUEST-921-PROTOCOL-ATTACK | HTTP Header Injection Attack via payload (CR/LF detected) | AnomalyScoring | Enabled |
| 921151 | REQUEST-921-PROTOCOL-ATTACK | HTTP Header Injection Attack via payload (CR/LF detected) | AnomalyScoring | Enabled |
| 921160 | REQUEST-921-PROTOCOL-ATTACK | HTTP Header Injection Attack via payload (CR/LF and header-name detected) | AnomalyScoring | Enabled |
| 921170 | REQUEST-921-PROTOCOL-ATTACK | HTTP Parameter Pollution | AnomalyScoring | Enabled |
| 921180 | REQUEST-921-PROTOCOL-ATTACK | HTTP Parameter Pollution (%{TX.1}) | AnomalyScoring | Enabled |
| 930100 | REQUEST-930-APPLICATION-ATTACK-LFI | Path Traversal Attack (/../) | AnomalyScoring | Enabled |
| 930110 | REQUEST-930-APPLICATION-ATTACK-LFI | Path Traversal Attack (/../) | AnomalyScoring | Enabled |
| 930120 | REQUEST-930-APPLICATION-ATTACK-LFI | OS File Access Attempt | AnomalyScoring | Enabled |
| 930130 | REQUEST-930-APPLICATION-ATTACK-LFI | Restricted File Access Attempt | AnomalyScoring | Enabled |
| 931100 | REQUEST-931-APPLICATION-ATTACK-RFI | Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address | AnomalyScoring | Enabled |
| 931110 | REQUEST-931-APPLICATION-ATTACK-RFI | Possible Remote File Inclusion (RFI) Attack: Common RFI Vulnerable Parameter Name used w/URL Payload | AnomalyScoring | Enabled |
| 931120 | REQUEST-931-APPLICATION-ATTACK-RFI | Possible Remote File Inclusion (RFI) Attack: URL Payload Used w/Trailing Question Mark Character (?) | AnomalyScoring | Enabled |
| 931130 | REQUEST-931-APPLICATION-ATTACK-RFI | Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link | AnomalyScoring | Enabled |
| 932100 | REQUEST-932-APPLICATION-ATTACK-RCE | Remote Command Execution: Unix Command Injection | AnomalyScoring | Enabled |
| 932105 | REQUEST-932-APPLICATION-ATTACK-RCE | Remote Command Execution: Unix Command Injection | AnomalyScoring | Enabled |
| 932110 | REQUEST-932-APPLICATION-ATTACK-RCE | Remote Command Execution: Windows Command Injection | AnomalyScoring | Enabled |
| 932115 | REQUEST-932-APPLICATION-ATTACK-RCE | Remote Command Execution: Windows Command Injection | AnomalyScoring | Enabled |
| 932120 | REQUEST-932-APPLICATION-ATTACK-RCE | Remote Command Execution: Windows PowerShell Command Found | AnomalyScoring | Enabled |
| 932130 | REQUEST-932-APPLICATION-ATTACK-RCE | Remote Command Execution: Unix Shell Expression Found | AnomalyScoring | Enabled |
| 932140 | REQUEST-932-APPLICATION-ATTACK-RCE | Remote Command Execution: Windows FOR/IF Command Found | AnomalyScoring | Enabled |
| 932150 | REQUEST-932-APPLICATION-ATTACK-RCE | Remote Command Execution: Direct Unix Command Execution | AnomalyScoring | Enabled |
| 932160 | REQUEST-932-APPLICATION-ATTACK-RCE | Remote Command Execution: Unix Shell Code Found | AnomalyScoring | Enabled |
| 932170 | REQUEST-932-APPLICATION-ATTACK-RCE | Remote Command Execution: Shellshock (CVE-2014-6271) | AnomalyScoring | Enabled |
| 932171 | REQUEST-932-APPLICATION-ATTACK-RCE | Remote Command Execution: Shellshock (CVE-2014-6271) | AnomalyScoring | Enabled |
| 933100 | REQUEST-933-APPLICATION-ATTACK-PHP | PHP Injection Attack: Opening/Closing Tag Found | AnomalyScoring | Enabled |
| 933110 | REQUEST-933-APPLICATION-ATTACK-PHP | PHP Injection Attack: PHP Script File Upload Found | AnomalyScoring | Enabled |
| 933111 | REQUEST-933-APPLICATION-ATTACK-PHP | PHP Injection Attack: PHP Script File Upload Found | AnomalyScoring | Enabled |
| 933120 | REQUEST-933-APPLICATION-ATTACK-PHP | PHP Injection Attack: Configuration Directive Found | AnomalyScoring | Enabled |
| 933130 | REQUEST-933-APPLICATION-ATTACK-PHP | PHP Injection Attack: Variables Found | AnomalyScoring | Enabled |
| 933131 | REQUEST-933-APPLICATION-ATTACK-PHP | PHP Injection Attack: Variables Found | AnomalyScoring | Enabled |
| 933140 | REQUEST-933-APPLICATION-ATTACK-PHP | PHP Injection Attack: I/O Stream Found | AnomalyScoring | Enabled |
| 933150 | REQUEST-933-APPLICATION-ATTACK-PHP | PHP Injection Attack: High-Risk PHP Function Name Found | AnomalyScoring | Enabled |
| 933151 | REQUEST-933-APPLICATION-ATTACK-PHP | PHP Injection Attack: Medium-Risk PHP Function Name Found | AnomalyScoring | Enabled |
| 933160 | REQUEST-933-APPLICATION-ATTACK-PHP | PHP Injection Attack: High-Risk PHP Function Call Found | AnomalyScoring | Enabled |
| 933161 | REQUEST-933-APPLICATION-ATTACK-PHP | PHP Injection Attack: Low-Value PHP Function Call Found | AnomalyScoring | Enabled |
| 933170 | REQUEST-933-APPLICATION-ATTACK-PHP | PHP Injection Attack: Serialized Object Injection | AnomalyScoring | Enabled |
| 933180 | REQUEST-933-APPLICATION-ATTACK-PHP | PHP Injection Attack: Variable Function Call Found | AnomalyScoring | Enabled |
| 941100 | REQUEST-941-APPLICATION-ATTACK-XSS | XSS Attack Detected via libinjection | AnomalyScoring | Enabled |
| 941110 | REQUEST-941-APPLICATION-ATTACK-XSS | XSS Filter - Category 1: Script Tag Vector | AnomalyScoring | Enabled |
| 941120 | REQUEST-941-APPLICATION-ATTACK-XSS | XSS Filter - Category 2: Event Handler Vector | AnomalyScoring | Enabled |
| 941130 | REQUEST-941-APPLICATION-ATTACK-XSS | XSS Filter - Category 3: Attribute Vector | AnomalyScoring | Enabled |
| 941140 | REQUEST-941-APPLICATION-ATTACK-XSS | XSS Filter - Category 4: Javascript URI Vector | AnomalyScoring | Enabled |
| 941150 | REQUEST-941-APPLICATION-ATTACK-XSS | XSS Filter - Category 5: Disallowed HTML Attributes | AnomalyScoring | Enabled |
| 941160 | REQUEST-941-APPLICATION-ATTACK-XSS | NoScript XSS InjectionChecker: HTML Injection | AnomalyScoring | Enabled |
| 941170 | REQUEST-941-APPLICATION-ATTACK-XSS | NoScript XSS InjectionChecker: Attribute Injection | AnomalyScoring | Enabled |
| 941180 | REQUEST-941-APPLICATION-ATTACK-XSS | Node-Validator Blacklist Keywords | AnomalyScoring | Enabled |
| 941190 | REQUEST-941-APPLICATION-ATTACK-XSS | XSS Using style sheets | AnomalyScoring | Enabled |
| 941200 | REQUEST-941-APPLICATION-ATTACK-XSS | XSS using VML frames | AnomalyScoring | Enabled |
| 941210 | REQUEST-941-APPLICATION-ATTACK-XSS | XSS using obfuscated JavaScript | AnomalyScoring | Enabled |
| 941220 | REQUEST-941-APPLICATION-ATTACK-XSS | XSS using obfuscated VB Script | AnomalyScoring | Enabled |
| 941230 | REQUEST-941-APPLICATION-ATTACK-XSS | XSS using 'embed' tag | AnomalyScoring | Enabled |
| 941240 | REQUEST-941-APPLICATION-ATTACK-XSS | XSS using 'import' or 'implementation' attribute | AnomalyScoring | Enabled |
| 941250 | REQUEST-941-APPLICATION-ATTACK-XSS | IE XSS Filters - Attack Detected. | AnomalyScoring | Enabled |
| 941260 | REQUEST-941-APPLICATION-ATTACK-XSS | XSS using 'meta' tag | AnomalyScoring | Enabled |
| 941270 | REQUEST-941-APPLICATION-ATTACK-XSS | XSS using 'link' href | AnomalyScoring | Enabled |
| 941280 | REQUEST-941-APPLICATION-ATTACK-XSS | XSS using 'base' tag | AnomalyScoring | Enabled |
| 941290 | REQUEST-941-APPLICATION-ATTACK-XSS | XSS using 'applet' tag | AnomalyScoring | Enabled |
| 941300 | REQUEST-941-APPLICATION-ATTACK-XSS | XSS using 'object' tag | AnomalyScoring | Enabled |
| 941310 | REQUEST-941-APPLICATION-ATTACK-XSS | US-ASCII Malformed Encoding XSS Filter - Attack Detected. | AnomalyScoring | Enabled |
| 941320 | REQUEST-941-APPLICATION-ATTACK-XSS | Possible XSS Attack Detected - HTML Tag Handler | AnomalyScoring | Enabled |
| 941330 | REQUEST-941-APPLICATION-ATTACK-XSS | IE XSS Filters - Attack Detected. | AnomalyScoring | Enabled |
| 941340 | REQUEST-941-APPLICATION-ATTACK-XSS | IE XSS Filters - Attack Detected. | AnomalyScoring | Enabled |
| 941350 | REQUEST-941-APPLICATION-ATTACK-XSS | UTF-7 Encoding IE XSS - Attack Detected. | AnomalyScoring | Enabled |
| 942100 | REQUEST-942-APPLICATION-ATTACK-SQLI | SQL Injection Attack Detected via libinjection | AnomalyScoring | Enabled |
| 942110 | REQUEST-942-APPLICATION-ATTACK-SQLI | SQL Injection Attack: Common Injection Testing Detected | AnomalyScoring | Enabled |
| 942120 | REQUEST-942-APPLICATION-ATTACK-SQLI | SQL Injection Attack: SQL Operator Detected | AnomalyScoring | Enabled |
| 942130 | REQUEST-942-APPLICATION-ATTACK-SQLI | SQL Injection Attack: SQL Tautology Detected. | AnomalyScoring | Enabled |
| 942140 | REQUEST-942-APPLICATION-ATTACK-SQLI | SQL Injection Attack: Common DB Names Detected | AnomalyScoring | Enabled |
| 942150 | REQUEST-942-APPLICATION-ATTACK-SQLI | SQL Injection Attack | AnomalyScoring | Enabled |
| 942160 | REQUEST-942-APPLICATION-ATTACK-SQLI | Detects blind sqli tests using sleep() or benchmark(). | AnomalyScoring | Enabled |
| 942170 | REQUEST-942-APPLICATION-ATTACK-SQLI | Detects SQL benchmark and sleep injection attempts including conditional queries | AnomalyScoring | Enabled |
| 942180 | REQUEST-942-APPLICATION-ATTACK-SQLI | Detects basic SQL authentication bypass attempts ⅓ | AnomalyScoring | Enabled |
| 942190 | REQUEST-942-APPLICATION-ATTACK-SQLI | Detects MSSQL code execution and information gathering attempts | AnomalyScoring | Enabled |
| 942200 | REQUEST-942-APPLICATION-ATTACK-SQLI | Detects MySQL comment-/space-obfuscated injections and backtick termination | AnomalyScoring | Enabled |
| 942210 | REQUEST-942-APPLICATION-ATTACK-SQLI | Detects chained SQL injection attempts ½ | AnomalyScoring | Enabled |
| 942220 | REQUEST-942-APPLICATION-ATTACK-SQLI | Looking for intiger overflow attacks, these are taken from skipfish, except 3.0.00738585072007e-308 is the \"magic number\" crash | AnomalyScoring | Enabled |
| 942230 | REQUEST-942-APPLICATION-ATTACK-SQLI | Detects conditional SQL injection attempts | AnomalyScoring | Enabled |
| 942240 | REQUEST-942-APPLICATION-ATTACK-SQLI | Detects MySQL charset switch and MSSQL DoS attempts | AnomalyScoring | Enabled |
| 942250 | REQUEST-942-APPLICATION-ATTACK-SQLI | Detects MATCH AGAINST, MERGE and EXECUTE IMMEDIATE injections | AnomalyScoring | Enabled |
| 942251 | REQUEST-942-APPLICATION-ATTACK-SQLI | Detects HAVING injections | AnomalyScoring | Enabled |
| 942260 | REQUEST-942-APPLICATION-ATTACK-SQLI | Detects basic SQL authentication bypass attempts ⅔ | AnomalyScoring | Enabled |
| 942270 | REQUEST-942-APPLICATION-ATTACK-SQLI | Looking for basic sql injection. Common attack string for mysql, oracle and others. | AnomalyScoring | Enabled |
| 942280 | REQUEST-942-APPLICATION-ATTACK-SQLI | Detects Postgres pg_sleep injection, waitfor delay attacks and database shutdown attempts | AnomalyScoring | Enabled |
| 942290 | REQUEST-942-APPLICATION-ATTACK-SQLI | Finds basic MongoDB SQL injection attempts | AnomalyScoring | Enabled |
| 942300 | REQUEST-942-APPLICATION-ATTACK-SQLI | Detects MySQL comments, conditions and ch(a)r injections | AnomalyScoring | Enabled |
| 942310 | REQUEST-942-APPLICATION-ATTACK-SQLI | Detects chained SQL injection attempts 2/2 | AnomalyScoring | Enabled |
| 942320 | REQUEST-942-APPLICATION-ATTACK-SQLI | Detects MySQL and PostgreSQL stored procedure/function injections | AnomalyScoring | Enabled |
| 942330 | REQUEST-942-APPLICATION-ATTACK-SQLI | Detects classic SQL injection probings ½ | AnomalyScoring | Enabled |
| 942340 | REQUEST-942-APPLICATION-ATTACK-SQLI | Detects basic SQL authentication bypass attempts 3/3 | AnomalyScoring | Enabled |
| 942350 | REQUEST-942-APPLICATION-ATTACK-SQLI | Detects MySQL UDF injection and other data/structure manipulation attempts | AnomalyScoring | Enabled |
| 942360 | REQUEST-942-APPLICATION-ATTACK-SQLI | Detects concatenated basic SQL injection and SQLLFI attempts | AnomalyScoring | Enabled |
| 942370 | REQUEST-942-APPLICATION-ATTACK-SQLI | Detects classic SQL injection probings 2/2 | AnomalyScoring | Enabled |
| 942380 | REQUEST-942-APPLICATION-ATTACK-SQLI | SQL Injection Attack | AnomalyScoring | Enabled |
| 942390 | REQUEST-942-APPLICATION-ATTACK-SQLI | SQL Injection Attack | AnomalyScoring | Enabled |
| 942400 | REQUEST-942-APPLICATION-ATTACK-SQLI | SQL Injection Attack | AnomalyScoring | Enabled |
| 942410 | REQUEST-942-APPLICATION-ATTACK-SQLI | SQL Injection Attack | AnomalyScoring | Enabled |
| 942420 | REQUEST-942-APPLICATION-ATTACK-SQLI | Restricted SQL Character Anomaly Detection (cookies): # of special characters exceeded (8) | AnomalyScoring | Enabled |
| 942421 | REQUEST-942-APPLICATION-ATTACK-SQLI | Restricted SQL Character Anomaly Detection (cookies): # of special characters exceeded (3) | AnomalyScoring | Enabled |
| 942430 | REQUEST-942-APPLICATION-ATTACK-SQLI | Restricted SQL Character Anomaly Detection (args): # of special characters exceeded (12) | AnomalyScoring | Enabled |
| 942431 | REQUEST-942-APPLICATION-ATTACK-SQLI | Restricted SQL Character Anomaly Detection (args): # of special characters exceeded (6) | AnomalyScoring | Enabled |
| 942432 | REQUEST-942-APPLICATION-ATTACK-SQLI | Restricted SQL Character Anomaly Detection (args): # of special characters exceeded (2) | AnomalyScoring | Enabled |
| 942440 | REQUEST-942-APPLICATION-ATTACK-SQLI | SQL Comment Sequence Detected. | AnomalyScoring | Enabled |
| 942450 | REQUEST-942-APPLICATION-ATTACK-SQLI | SQL Hex Encoding Identified | AnomalyScoring | Enabled |
| 942460 | REQUEST-942-APPLICATION-ATTACK-SQLI | Meta-Character Anomaly Detection Alert - Repetitive Non-Word Characters | AnomalyScoring | Enabled |
| 943100 | REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION | Possible Session Fixation Attack: Setting Cookie Values in HTML | AnomalyScoring | Enabled |
| 943110 | REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION | Possible Session Fixation Attack: SessionID Parameter Name with Off-Domain Referer | AnomalyScoring | Enabled |
| 943120 | REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION | Possible Session Fixation Attack: SessionID Parameter Name with No Referer | AnomalyScoring | Enabled |
Removed Rules¶
| Rule ID | Rule Group Name | Description | Action | State |
|---|---|---|---|---|
| 950000 | crs_40_generic_attacks | Session Fixation | AnomalyScoring | Enabled |
| 950001 | crs_41_sql_injection_attacks | SQL Injection Attack | AnomalyScoring | Enabled |
| 950002 | crs_40_generic_attacks | System Command Access | AnomalyScoring | Enabled |
| 950003 | crs_40_generic_attacks | Session Fixation | AnomalyScoring | Enabled |
| 950005 | crs_40_generic_attacks | Remote File Access Attempt | AnomalyScoring | Enabled |
| 950006 | crs_40_generic_attacks | System Command Injection | AnomalyScoring | Enabled |
| 950007 | crs_41_sql_injection_attacks | Blind SQL Injection Attack | AnomalyScoring | Enabled |
| 950008 | crs_40_generic_attacks | Injection of Undocumented ColdFusion Tags | AnomalyScoring | Enabled |
| 950009 | crs_40_generic_attacks | Session Fixation Attack | AnomalyScoring | Enabled |
| 950010 | crs_40_generic_attacks | LDAP Injection Attack | AnomalyScoring | Enabled |
| 950011 | crs_40_generic_attacks | SSI injection Attack | AnomalyScoring | Enabled |
| 950012 | crs_40_generic_attacks | HTTP Request Smuggling Attack. | AnomalyScoring | Enabled |
| 950018 | crs_40_generic_attacks | Universal PDF XSS URL Detected. | AnomalyScoring | Enabled |
| 950019 | crs_40_generic_attacks | Email Injection Attack | AnomalyScoring | Enabled |
| 950103 | crs_42_tight_security | Path Traversal Attack | AnomalyScoring | Enabled |
| 950107 | crs_20_protocol_violations | URL Encoding Abuse Attack Attempt | AnomalyScoring | Enabled |
| 950108 | crs_20_protocol_violations | URL Encoding Abuse Attack Attempt | AnomalyScoring | Enabled |
| 950109 | crs_20_protocol_violations | Multiple URL Encoding Detected | AnomalyScoring | Enabled |
| 950110 | crs_45_trojans | Backdoor access | AnomalyScoring | Enabled |
| 950116 | crs_20_protocol_violations | Unicode Full/Half Width Abuse Attack Attempt | AnomalyScoring | Enabled |
| 950117 | crs_40_generic_attacks | Remote File Inclusion Attack | AnomalyScoring | Enabled |
| 950118 | crs_40_generic_attacks | Remote File Inclusion Attack | AnomalyScoring | Enabled |
| 950119 | crs_40_generic_attacks | Remote File Inclusion Attack | AnomalyScoring | Enabled |
| 950120 | crs_40_generic_attacks | Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link | AnomalyScoring | Enabled |
| 950801 | crs_20_protocol_violations | UTF8 Encoding Abuse Attack Attempt | AnomalyScoring | Enabled |
| 950901 | crs_41_sql_injection_attacks | SQL Injection Attack: SQL Tautology Detected. | AnomalyScoring | Enabled |
| 950907 | crs_40_generic_attacks | System Command Injection | AnomalyScoring | Enabled |
| 950908 | crs_41_sql_injection_attacks | SQL Injection Attack. | AnomalyScoring | Enabled |
| 950910 | crs_40_generic_attacks | HTTP Response Splitting Attack | AnomalyScoring | Enabled |
| 950911 | crs_40_generic_attacks | HTTP Response Splitting Attack | AnomalyScoring | Enabled |
| 950921 | crs_45_trojans | Backdoor access | AnomalyScoring | Enabled |
| 958000 | crs_41_xss_attacks | Cross-site Scripting (XSS) Attack | AnomalyScoring | Enabled |
| 958001 | crs_41_xss_attacks | Cross-site Scripting (XSS) Attack | AnomalyScoring | Enabled |
| 958002 | crs_41_xss_attacks | Cross-site Scripting (XSS) Attack | AnomalyScoring | Enabled |
| 958003 | crs_41_xss_attacks | Cross-site Scripting (XSS) Attack | AnomalyScoring | Enabled |
| 958004 | crs_41_xss_attacks | Cross-site Scripting (XSS) Attack | AnomalyScoring | Enabled |
| 958005 | crs_41_xss_attacks | Cross-site Scripting (XSS) Attack | AnomalyScoring | Enabled |
| 958006 | crs_41_xss_attacks | Cross-site Scripting (XSS) Attack | AnomalyScoring | Enabled |
| 958007 | crs_41_xss_attacks | Cross-site Scripting (XSS) Attack | AnomalyScoring | Enabled |
| 958008 | crs_41_xss_attacks | Cross-site Scripting (XSS) Attack | AnomalyScoring | Enabled |
| 958009 | crs_41_xss_attacks | Cross-site Scripting (XSS) Attack | AnomalyScoring | Enabled |
| 958010 | crs_41_xss_attacks | Cross-site Scripting (XSS) Attack | AnomalyScoring | Enabled |
| 958011 | crs_41_xss_attacks | Cross-site Scripting (XSS) Attack | AnomalyScoring | Enabled |
| 958012 | crs_41_xss_attacks | Cross-site Scripting (XSS) Attack | AnomalyScoring | Enabled |
| 958013 | crs_41_xss_attacks | Cross-site Scripting (XSS) Attack | AnomalyScoring | Enabled |
| 958016 | crs_41_xss_attacks | Cross-site Scripting (XSS) Attack | AnomalyScoring | Enabled |
| 958017 | crs_41_xss_attacks | Cross-site Scripting (XSS) Attack | AnomalyScoring | Enabled |
| 958018 | crs_41_xss_attacks | Cross-site Scripting (XSS) Attack | AnomalyScoring | Enabled |
| 958019 | crs_41_xss_attacks | Cross-site Scripting (XSS) Attack | AnomalyScoring | Enabled |
| 958020 | crs_41_xss_attacks | Cross-site Scripting (XSS) Attack | AnomalyScoring | Enabled |
| 958022 | crs_41_xss_attacks | Cross-site Scripting (XSS) Attack | AnomalyScoring | Enabled |
| 958023 | crs_41_xss_attacks | Cross-site Scripting (XSS) Attack | AnomalyScoring | Enabled |
| 958024 | crs_41_xss_attacks | Cross-site Scripting (XSS) Attack | AnomalyScoring | Enabled |
| 958025 | crs_41_xss_attacks | Cross-site Scripting (XSS) Attack | AnomalyScoring | Enabled |
| 958026 | crs_41_xss_attacks | Cross-site Scripting (XSS) Attack | AnomalyScoring | Enabled |
| 958027 | crs_41_xss_attacks | Cross-site Scripting (XSS) Attack | AnomalyScoring | Enabled |
| 958028 | crs_41_xss_attacks | Cross-site Scripting (XSS) Attack | AnomalyScoring | Enabled |
| 958030 | crs_41_xss_attacks | Cross-site Scripting (XSS) Attack | AnomalyScoring | Enabled |
| 958031 | crs_41_xss_attacks | Cross-site Scripting (XSS) Attack | AnomalyScoring | Enabled |
| 958032 | crs_41_xss_attacks | Cross-site Scripting (XSS) Attack | AnomalyScoring | Enabled |
| 958033 | crs_41_xss_attacks | Cross-site Scripting (XSS) Attack | AnomalyScoring | Enabled |
| 958034 | crs_41_xss_attacks | Cross-site Scripting (XSS) Attack | AnomalyScoring | Enabled |
| 958036 | crs_41_xss_attacks | Cross-site Scripting (XSS) Attack | AnomalyScoring | Enabled |
| 958037 | crs_41_xss_attacks | Cross-site Scripting (XSS) Attack | AnomalyScoring | Enabled |
| 958038 | crs_41_xss_attacks | Cross-site Scripting (XSS) Attack | AnomalyScoring | Enabled |
| 958039 | crs_41_xss_attacks | Cross-site Scripting (XSS) Attack | AnomalyScoring | Enabled |
| 958040 | crs_41_xss_attacks | Cross-site Scripting (XSS) Attack | AnomalyScoring | Enabled |
| 958041 | crs_41_xss_attacks | Cross-site Scripting (XSS) Attack | AnomalyScoring | Enabled |
| 958045 | crs_41_xss_attacks | Cross-site Scripting (XSS) Attack | AnomalyScoring | Enabled |
| 958046 | crs_41_xss_attacks | Cross-site Scripting (XSS) Attack | AnomalyScoring | Enabled |
| 958047 | crs_41_xss_attacks | Cross-site Scripting (XSS) Attack | AnomalyScoring | Enabled |
| 958049 | crs_41_xss_attacks | Cross-site Scripting (XSS) Attack | AnomalyScoring | Enabled |
| 958051 | crs_41_xss_attacks | Cross-site Scripting (XSS) Attack | AnomalyScoring | Enabled |
| 958052 | crs_41_xss_attacks | Cross-site Scripting (XSS) Attack | AnomalyScoring | Enabled |
| 958054 | crs_41_xss_attacks | Cross-site Scripting (XSS) Attack | AnomalyScoring | Enabled |
| 958056 | crs_41_xss_attacks | Cross-site Scripting (XSS) Attack | AnomalyScoring | Enabled |
| 958057 | crs_41_xss_attacks | Cross-site Scripting (XSS) Attack | AnomalyScoring | Enabled |
| 958059 | crs_41_xss_attacks | Cross-site Scripting (XSS) Attack | AnomalyScoring | Enabled |
| 958230 | crs_20_protocol_violations | Range: Invalid Last Byte Value. | AnomalyScoring | Enabled |
| 958231 | crs_20_protocol_violations | Range: Too many fields | AnomalyScoring | Enabled |
| 958291 | crs_20_protocol_violations | Range: field exists and begins with 0. | AnomalyScoring | Enabled |
| 958295 | crs_20_protocol_violations | Multiple/Conflicting Connection Header Data Found. | AnomalyScoring | Enabled |
| 958404 | crs_41_xss_attacks | Cross-site Scripting (XSS) Attack | AnomalyScoring | Enabled |
| 958405 | crs_41_xss_attacks | Cross-site Scripting (XSS) Attack | AnomalyScoring | Enabled |
| 958406 | crs_41_xss_attacks | Cross-site Scripting (XSS) Attack | AnomalyScoring | Enabled |
| 958407 | crs_41_xss_attacks | Cross-site Scripting (XSS) Attack | AnomalyScoring | Enabled |
| 958408 | crs_41_xss_attacks | Cross-site Scripting (XSS) Attack | AnomalyScoring | Enabled |
| 958409 | crs_41_xss_attacks | Cross-site Scripting (XSS) Attack | AnomalyScoring | Enabled |
| 958410 | crs_41_xss_attacks | Cross-site Scripting (XSS) Attack | AnomalyScoring | Enabled |
| 958411 | crs_41_xss_attacks | Cross-site Scripting (XSS) Attack | AnomalyScoring | Enabled |
| 958412 | crs_41_xss_attacks | Cross-site Scripting (XSS) Attack | AnomalyScoring | Enabled |
| 958413 | crs_41_xss_attacks | Cross-site Scripting (XSS) Attack | AnomalyScoring | Enabled |
| 958414 | crs_41_xss_attacks | Cross-site Scripting (XSS) Attack | AnomalyScoring | Enabled |
| 958415 | crs_41_xss_attacks | Cross-site Scripting (XSS) Attack | AnomalyScoring | Enabled |
| 958416 | crs_41_xss_attacks | Cross-site Scripting (XSS) Attack | AnomalyScoring | Enabled |
| 958417 | crs_41_xss_attacks | Cross-site Scripting (XSS) Attack | AnomalyScoring | Enabled |
| 958418 | crs_41_xss_attacks | Cross-site Scripting (XSS) Attack | AnomalyScoring | Enabled |
| 958419 | crs_41_xss_attacks | Cross-site Scripting (XSS) Attack | AnomalyScoring | Enabled |
| 958420 | crs_41_xss_attacks | Cross-site Scripting (XSS) Attack | AnomalyScoring | Enabled |
| 958421 | crs_41_xss_attacks | Cross-site Scripting (XSS) Attack | AnomalyScoring | Enabled |
| 958422 | crs_41_xss_attacks | Cross-site Scripting (XSS) Attack | AnomalyScoring | Enabled |
| 958423 | crs_41_xss_attacks | Cross-site Scripting (XSS) Attack | AnomalyScoring | Enabled |
| 958976 | crs_40_generic_attacks | PHP Injection Attack | AnomalyScoring | Enabled |
| 958977 | crs_40_generic_attacks | PHP Injection Attack | AnomalyScoring | Enabled |
| 959070 | crs_41_sql_injection_attacks | SQL Injection Attack | AnomalyScoring | Enabled |
| 959071 | crs_41_sql_injection_attacks | SQL Injection Attack | AnomalyScoring | Enabled |
| 959072 | crs_41_sql_injection_attacks | SQL Injection Attack | AnomalyScoring | Enabled |
| 959073 | crs_41_sql_injection_attacks | SQL Injection Attack | AnomalyScoring | Enabled |
| 959151 | crs_40_generic_attacks | PHP Injection Attack | AnomalyScoring | Enabled |
| 960000 | crs_20_protocol_violations | Attempted multipart/form-data bypass | AnomalyScoring | Enabled |
| 960006 | crs_21_protocol_anomalies | Empty User Agent Header | AnomalyScoring | Enabled |
| 960007 | crs_21_protocol_anomalies | Empty Host Header | AnomalyScoring | Enabled |
| 960008 | crs_21_protocol_anomalies | Request Missing a Host Header | AnomalyScoring | Enabled |
| 960009 | crs_21_protocol_anomalies | Request Missing a User Agent Header | AnomalyScoring | Enabled |
| 960010 | crs_30_http_policy | Request content type is not allowed by policy | AnomalyScoring | Enabled |
| 960011 | crs_20_protocol_violations | GET or HEAD Request with Body Content. | AnomalyScoring | Enabled |
| 960012 | crs_20_protocol_violations | POST request missing Content-Length Header. | AnomalyScoring | Enabled |
| 960015 | crs_21_protocol_anomalies | Request Missing an Accept Header | AnomalyScoring | Enabled |
| 960016 | crs_20_protocol_violations | Content-Length HTTP header is not numeric. | AnomalyScoring | Enabled |
| 960017 | crs_21_protocol_anomalies | Host header is a numeric IP address | AnomalyScoring | Enabled |
| 960018 | crs_20_protocol_violations | Invalid character in request | AnomalyScoring | Enabled |
| 960020 | crs_20_protocol_violations | Pragma Header requires Cache-Control Header for HTTP/1.1 requests. | AnomalyScoring | Enabled |
| 960021 | crs_21_protocol_anomalies | Request Has an Empty Accept Header | AnomalyScoring | Enabled |
| 960022 | crs_20_protocol_violations | Expect Header Not Allowed for HTTP 1.0. | AnomalyScoring | Enabled |
| 960024 | crs_40_generic_attacks | Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters | AnomalyScoring | Enabled |
| 960032 | crs_30_http_policy | Method is not allowed by policy | AnomalyScoring | Enabled |
| 960034 | crs_30_http_policy | HTTP protocol version is not allowed by policy | AnomalyScoring | Enabled |
| 960035 | crs_30_http_policy | URL file extension is restricted by policy | AnomalyScoring | Enabled |
| 960038 | crs_30_http_policy | HTTP header is restricted by policy | AnomalyScoring | Enabled |
| 960208 | crs_23_request_limits | Argument value too long | AnomalyScoring | Enabled |
| 960209 | crs_23_request_limits | Argument name too long | AnomalyScoring | Enabled |
| 960335 | crs_23_request_limits | Too many arguments in request | AnomalyScoring | Enabled |
| 960341 | crs_23_request_limits | Total arguments size exceeded | AnomalyScoring | Enabled |
| 960342 | crs_23_request_limits | Uploaded file size too large | AnomalyScoring | Enabled |
| 960343 | crs_23_request_limits | Total uploaded files size too large | AnomalyScoring | Enabled |
| 960901 | crs_20_protocol_violations | Invalid character in request | AnomalyScoring | Enabled |
| 960902 | crs_20_protocol_violations | Invalid Use of Identity Encoding. | AnomalyScoring | Enabled |
| 960904 | crs_21_protocol_anomalies | Request Containing Content, but Missing Content-Type header | AnomalyScoring | Enabled |
| 960911 | crs_20_protocol_violations | Invalid HTTP Request Line | AnomalyScoring | Enabled |
| 960912 | crs_20_protocol_violations | Failed to parse request body. | AnomalyScoring | Enabled |
| 960914 | crs_20_protocol_violations | Multipart request body failed strict validation: PE %{REQBODY_PROCESSOR_ERROR}, BQ %{MULTIPART_BOUNDARY_QUOTED}, BW %{MULTIPART_BOUNDARY_WHITESPACE}, DB %{MULTIPART_DATA_BEFORE}, DA %{MULTIPART_DATA_AFTER}, HF %{MULTIPART_HEADER_FOLDING}, LF %{MULTIPART_LF_LINE}, SM %{MULTIPART_SEMICOLON_MISSING}, IQ %{MULTIPART_INVALID_QUOTING}, IH %{MULTIPART_INVALID_HEADER_FOLDING}, FLE %{MULTIPART_FILE_LIMIT_EXCEEDED} | AnomalyScoring | Enabled |
| 960915 | crs_20_protocol_violations | Multipart parser detected a possible unmatched boundary. | AnomalyScoring | Enabled |
| 973300 | crs_41_xss_attacks | Possible XSS Attack Detected - HTML Tag Handler | AnomalyScoring | Enabled |
| 973301 | crs_41_xss_attacks | XSS Attack Detected | AnomalyScoring | Enabled |
| 973302 | crs_41_xss_attacks | XSS Attack Detected | AnomalyScoring | Enabled |
| 973303 | crs_41_xss_attacks | XSS Attack Detected | AnomalyScoring | Enabled |
| 973304 | crs_41_xss_attacks | XSS Attack Detected | AnomalyScoring | Enabled |
| 973305 | crs_41_xss_attacks | XSS Attack Detected | AnomalyScoring | Enabled |
| 973306 | crs_41_xss_attacks | XSS Attack Detected | AnomalyScoring | Enabled |
| 973307 | crs_41_xss_attacks | XSS Attack Detected | AnomalyScoring | Enabled |
| 973308 | crs_41_xss_attacks | XSS Attack Detected | AnomalyScoring | Enabled |
| 973309 | crs_41_xss_attacks | XSS Attack Detected | AnomalyScoring | Enabled |
| 973310 | crs_41_xss_attacks | XSS Attack Detected | AnomalyScoring | Enabled |
| 973311 | crs_41_xss_attacks | XSS Attack Detected | AnomalyScoring | Enabled |
| 973312 | crs_41_xss_attacks | XSS Attack Detected | AnomalyScoring | Enabled |
| 973313 | crs_41_xss_attacks | XSS Attack Detected | AnomalyScoring | Enabled |
| 973314 | crs_41_xss_attacks | XSS Attack Detected | AnomalyScoring | Enabled |
| 973315 | crs_41_xss_attacks | IE XSS Filters - Attack Detected. | AnomalyScoring | Enabled |
| 973316 | crs_41_xss_attacks | IE XSS Filters - Attack Detected. | AnomalyScoring | Enabled |
| 973317 | crs_41_xss_attacks | IE XSS Filters - Attack Detected. | AnomalyScoring | Enabled |
| 973318 | crs_41_xss_attacks | IE XSS Filters - Attack Detected. | AnomalyScoring | Enabled |
| 973319 | crs_41_xss_attacks | IE XSS Filters - Attack Detected. | AnomalyScoring | Enabled |
| 973320 | crs_41_xss_attacks | IE XSS Filters - Attack Detected. | AnomalyScoring | Enabled |
| 973321 | crs_41_xss_attacks | IE XSS Filters - Attack Detected. | AnomalyScoring | Enabled |
| 973322 | crs_41_xss_attacks | IE XSS Filters - Attack Detected. | AnomalyScoring | Enabled |
| 973323 | crs_41_xss_attacks | IE XSS Filters - Attack Detected. | AnomalyScoring | Enabled |
| 973324 | crs_41_xss_attacks | IE XSS Filters - Attack Detected. | AnomalyScoring | Enabled |
| 973325 | crs_41_xss_attacks | IE XSS Filters - Attack Detected. | AnomalyScoring | Enabled |
| 973326 | crs_41_xss_attacks | IE XSS Filters - Attack Detected. | AnomalyScoring | Enabled |
| 973327 | crs_41_xss_attacks | IE XSS Filters - Attack Detected. | AnomalyScoring | Enabled |
| 973328 | crs_41_xss_attacks | IE XSS Filters - Attack Detected. | AnomalyScoring | Enabled |
| 973329 | crs_41_xss_attacks | IE XSS Filters - Attack Detected. | AnomalyScoring | Enabled |
| 973330 | crs_41_xss_attacks | IE XSS Filters - Attack Detected. | AnomalyScoring | Enabled |
| 973331 | crs_41_xss_attacks | IE XSS Filters - Attack Detected. | AnomalyScoring | Enabled |
| 973332 | crs_41_xss_attacks | IE XSS Filters - Attack Detected. | AnomalyScoring | Enabled |
| 973333 | crs_41_xss_attacks | IE XSS Filters - Attack Detected. | AnomalyScoring | Enabled |
| 973334 | crs_41_xss_attacks | IE XSS Filters - Attack Detected. | AnomalyScoring | Enabled |
| 973335 | crs_41_xss_attacks | IE XSS Filters - Attack Detected. | AnomalyScoring | Enabled |
| 973336 | crs_41_xss_attacks | XSS Filter - Category 1: Script Tag Vector | AnomalyScoring | Enabled |
| 973337 | crs_41_xss_attacks | XSS Filter - Category 2: Event Handler Vector | AnomalyScoring | Enabled |
| 973338 | crs_41_xss_attacks | XSS Filter - Category 3: Javascript URI Vector | AnomalyScoring | Enabled |
| 973344 | crs_41_xss_attacks | IE XSS Filters - Attack Detected. | AnomalyScoring | Enabled |
| 973345 | crs_41_xss_attacks | IE XSS Filters - Attack Detected. | AnomalyScoring | Enabled |
| 973346 | crs_41_xss_attacks | IE XSS Filters - Attack Detected. | AnomalyScoring | Enabled |
| 973347 | crs_41_xss_attacks | IE XSS Filters - Attack Detected. | AnomalyScoring | Enabled |
| 973348 | crs_41_xss_attacks | IE XSS Filters - Attack Detected. | AnomalyScoring | Enabled |
| 981018 | crs_41_xss_attacks | Rule 981018 | AnomalyScoring | Enabled |
| 981133 | crs_40_generic_attacks | Rule 981133 | AnomalyScoring | Enabled |
| 981134 | crs_40_generic_attacks | Rule 981134 | AnomalyScoring | Enabled |
| 981136 | crs_41_xss_attacks | Rule 981136 | AnomalyScoring | Enabled |
| 981172 | crs_41_sql_injection_attacks | Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded | AnomalyScoring | Enabled |
| 981173 | crs_41_sql_injection_attacks | Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded | AnomalyScoring | Enabled |
| 981175 | crs_49_inbound_blocking | Inbound Attack Targeting OSVDB Flagged Resource. | AnomalyScoring | Enabled |
| 981176 | crs_49_inbound_blocking | Inbound Anomaly Score Exceeded (Total Score: %{TX.ANOMALY_SCORE}, SQLi=%{TX.SQL_INJECTION_SCORE}, XSS=%{TX.XSS_SCORE}): Last Matched Message: %{tx.msg} | AnomalyScoring | Enabled |
| 981227 | crs_20_protocol_violations | Apache Error: Invalid URI in Request. | AnomalyScoring | Enabled |
| 981231 | crs_41_sql_injection_attacks | SQL Comment Sequence Detected. | AnomalyScoring | Enabled |
| 981240 | crs_41_sql_injection_attacks | Detects MySQL comments, conditions and ch(a)r injections | AnomalyScoring | Enabled |
| 981241 | crs_41_sql_injection_attacks | Detects conditional SQL injection attempts | AnomalyScoring | Enabled |
| 981242 | crs_41_sql_injection_attacks | Detects classic SQL injection probings ½ | AnomalyScoring | Enabled |
| 981243 | crs_41_sql_injection_attacks | Detects classic SQL injection probings 2/2 | AnomalyScoring | Enabled |
| 981244 | crs_41_sql_injection_attacks | Detects basic SQL authentication bypass attempts ⅓ | AnomalyScoring | Enabled |
| 981245 | crs_41_sql_injection_attacks | Detects basic SQL authentication bypass attempts ⅔ | AnomalyScoring | Enabled |
| 981246 | crs_41_sql_injection_attacks | Detects basic SQL authentication bypass attempts 3/3 | AnomalyScoring | Enabled |
| 981247 | crs_41_sql_injection_attacks | Detects concatenated basic SQL injection and SQLLFI attempts | AnomalyScoring | Enabled |
| 981248 | crs_41_sql_injection_attacks | Detects chained SQL injection attempts ½ | AnomalyScoring | Enabled |
| 981249 | crs_41_sql_injection_attacks | Detects chained SQL injection attempts 2/2 | AnomalyScoring | Enabled |
| 981250 | crs_41_sql_injection_attacks | Detects SQL benchmark and sleep injection attempts including conditional queries | AnomalyScoring | Enabled |
| 981251 | crs_41_sql_injection_attacks | Detects MySQL UDF injection and other data/structure manipulation attempts | AnomalyScoring | Enabled |
| 981252 | crs_41_sql_injection_attacks | Detects MySQL charset switch and MSSQL DoS attempts | AnomalyScoring | Enabled |
| 981253 | crs_41_sql_injection_attacks | Detects MySQL and PostgreSQL stored procedure/function injections | AnomalyScoring | Enabled |
| 981254 | crs_41_sql_injection_attacks | Detects Postgres pg_sleep injection, waitfor delay attacks and database shutdown attempts | AnomalyScoring | Enabled |
| 981255 | crs_41_sql_injection_attacks | Detects MSSQL code execution and information gathering attempts | AnomalyScoring | Enabled |
| 981256 | crs_41_sql_injection_attacks | Detects MATCH AGAINST, MERGE, EXECUTE IMMEDIATE and HAVING injections | AnomalyScoring | Enabled |
| 981257 | crs_41_sql_injection_attacks | Detects MySQL comment-/space-obfuscated injections and backtick termination | AnomalyScoring | Enabled |
| 981260 | crs_41_sql_injection_attacks | SQL Hex Encoding Identified | AnomalyScoring | Enabled |
| 981270 | crs_41_sql_injection_attacks | Finds basic MongoDB SQL injection attempts | AnomalyScoring | Enabled |
| 981272 | crs_41_sql_injection_attacks | Detects blind sqli tests using sleep() or benchmark(). | AnomalyScoring | Enabled |
| 981276 | crs_41_sql_injection_attacks | Looking for basic sql injection. Common attack string for mysql, oracle and others. | AnomalyScoring | Enabled |
| 981277 | crs_41_sql_injection_attacks | Looking for integer overflow attacks, these are taken from skipfish, except 2.2.90738585072007e-308 is the \"magic number\" crash | AnomalyScoring | Enabled |
| 981300 | crs_41_sql_injection_attacks | Rule 981300 | AnomalyScoring | Enabled |
| 981301 | crs_41_sql_injection_attacks | Rule 981301 | AnomalyScoring | Enabled |
| 981302 | crs_41_sql_injection_attacks | Rule 981302 | AnomalyScoring | Enabled |
| 981303 | crs_41_sql_injection_attacks | Rule 981303 | AnomalyScoring | Enabled |
| 981304 | crs_41_sql_injection_attacks | Rule 981304 | AnomalyScoring | Enabled |
| 981305 | crs_41_sql_injection_attacks | Rule 981305 | AnomalyScoring | Enabled |
| 981306 | crs_41_sql_injection_attacks | Rule 981306 | AnomalyScoring | Enabled |
| 981307 | crs_41_sql_injection_attacks | Rule 981307 | AnomalyScoring | Enabled |
| 981308 | crs_41_sql_injection_attacks | Rule 981308 | AnomalyScoring | Enabled |
| 981309 | crs_41_sql_injection_attacks | Rule 981309 | AnomalyScoring | Enabled |
| 981310 | crs_41_sql_injection_attacks | Rule 981310 | AnomalyScoring | Enabled |
| 981311 | crs_41_sql_injection_attacks | Rule 981311 | AnomalyScoring | Enabled |
| 981312 | crs_41_sql_injection_attacks | Rule 981312 | AnomalyScoring | Enabled |
| 981313 | crs_41_sql_injection_attacks | Rule 981313 | AnomalyScoring | Enabled |
| 981314 | crs_41_sql_injection_attacks | Rule 981314 | AnomalyScoring | Enabled |
| 981315 | crs_41_sql_injection_attacks | Rule 981315 | AnomalyScoring | Enabled |
| 981316 | crs_41_sql_injection_attacks | Rule 981316 | AnomalyScoring | Enabled |
| 981317 | crs_41_sql_injection_attacks | SQL SELECT Statement Anomaly Detection Alert | AnomalyScoring | Enabled |
| 981318 | crs_41_sql_injection_attacks | SQL Injection Attack: Common Injection Testing Detected | AnomalyScoring | Enabled |
| 981319 | crs_41_sql_injection_attacks | SQL Injection Attack: SQL Operator Detected | AnomalyScoring | Enabled |
| 981320 | crs_41_sql_injection_attacks | SQL Injection Attack: Common DB Names Detected | AnomalyScoring | Enabled |
| 990002 | crs_35_bad_robots | Request Indicates a Security Scanner Scanned the Site | AnomalyScoring | Enabled |
| 990012 | crs_35_bad_robots | Rogue web site crawler | AnomalyScoring | Enabled |
| 990901 | crs_35_bad_robots | Request Indicates a Security Scanner Scanned the Site | AnomalyScoring | Enabled |
| 990902 | crs_35_bad_robots | Request Indicates a Security Scanner Scanned the Site | AnomalyScoring | Enabled |
Changed Rules¶
No rules changed.