App Gateway - OWASP 2.2.9
Generated: 22 February 2026 | Total Rules: 245
OWASP 2.2.9
General
| Rule ID | Rule Group | Description | Action | State | CRS Source |
|---|---|---|---|---|---|
| 200004 | General | Possible Multipart Unmatched Boundary. | AnomalyScoring | Enabled | |
crs_20_protocol_violations
| Rule ID | Rule Group | Description | Action | State | CRS Source |
|---|---|---|---|---|---|
| 950107 | crs_20_protocol_violations | URL Encoding Abuse Attack Attempt | AnomalyScoring | Enabled | |
| 950108 | crs_20_protocol_violations | URL Encoding Abuse Attack Attempt | AnomalyScoring | Enabled | |
| 950109 | crs_20_protocol_violations | Multiple URL Encoding Detected | AnomalyScoring | Enabled | |
| 950116 | crs_20_protocol_violations | Unicode Full/Half Width Abuse Attack Attempt | AnomalyScoring | Enabled | |
| 950801 | crs_20_protocol_violations | UTF8 Encoding Abuse Attack Attempt | AnomalyScoring | Enabled | |
| 958230 | crs_20_protocol_violations | Range: Invalid Last Byte Value. | AnomalyScoring | Enabled | |
| 958231 | crs_20_protocol_violations | Range: Too many fields | AnomalyScoring | Enabled | |
| 958291 | crs_20_protocol_violations | Range: field exists and begins with 0. | AnomalyScoring | Enabled | |
| 958295 | crs_20_protocol_violations | Multiple/Conflicting Connection Header Data Found. | AnomalyScoring | Enabled | |
| 960000 | crs_20_protocol_violations | Attempted multipart/form-data bypass | AnomalyScoring | Enabled | |
| 960011 | crs_20_protocol_violations | GET or HEAD Request with Body Content. | AnomalyScoring | Enabled | |
| 960012 | crs_20_protocol_violations | POST request missing Content-Length Header. | AnomalyScoring | Enabled | |
| 960016 | crs_20_protocol_violations | Content-Length HTTP header is not numeric. | AnomalyScoring | Enabled | |
| 960018 | crs_20_protocol_violations | Invalid character in request | AnomalyScoring | Enabled | |
| 960020 | crs_20_protocol_violations | Pragma Header requires Cache-Control Header for HTTP/1.1 requests. | AnomalyScoring | Enabled | |
| 960022 | crs_20_protocol_violations | Expect Header Not Allowed for HTTP 1.0. | AnomalyScoring | Enabled | |
| 960901 | crs_20_protocol_violations | Invalid character in request | AnomalyScoring | Enabled | |
| 960902 | crs_20_protocol_violations | Invalid Use of Identity Encoding. | AnomalyScoring | Enabled | |
| 960911 | crs_20_protocol_violations | Invalid HTTP Request Line | AnomalyScoring | Enabled | |
| 960912 | crs_20_protocol_violations | Failed to parse request body. | AnomalyScoring | Enabled | |
| 960914 | crs_20_protocol_violations | Multipart request body failed strict validation: PE %{REQBODY_PROCESSOR_ERROR}, BQ %{MULTIPART_BOUNDARY_QUOTED}, BW %{MULTIPART_BOUNDARY_WHITESPACE}, DB %{MULTIPART_DATA_BEFORE}, DA %{MULTIPART_DATA_AFTER}, HF %{MULTIPART_HEADER_FOLDING}, LF %{MULTIPART_LF_LINE}, SM %{MULTIPART_SEMICOLON_MISSING}, IQ %{MULTIPART_INVALID_QUOTING}, IH %{MULTIPART_INVALID_HEADER_FOLDING}, FLE %{MULTIPART_FILE_LIMIT_EXCEEDED} | AnomalyScoring | Enabled | |
| 960915 | crs_20_protocol_violations | Multipart parser detected a possible unmatched boundary. | AnomalyScoring | Enabled | |
| 981227 | crs_20_protocol_violations | Apache Error: Invalid URI in Request. | AnomalyScoring | Enabled | |
crs_21_protocol_anomalies
| Rule ID | Rule Group | Description | Action | State | CRS Source |
|---|---|---|---|---|---|
| 960006 | crs_21_protocol_anomalies | Empty User Agent Header | AnomalyScoring | Enabled | |
| 960007 | crs_21_protocol_anomalies | Empty Host Header | AnomalyScoring | Enabled | |
| 960008 | crs_21_protocol_anomalies | Request Missing a Host Header | AnomalyScoring | Enabled | |
| 960009 | crs_21_protocol_anomalies | Request Missing a User Agent Header | AnomalyScoring | Enabled | |
| 960015 | crs_21_protocol_anomalies | Request Missing an Accept Header | AnomalyScoring | Enabled | |
| 960017 | crs_21_protocol_anomalies | Host header is a numeric IP address | AnomalyScoring | Enabled | |
| 960021 | crs_21_protocol_anomalies | Request Has an Empty Accept Header | AnomalyScoring | Enabled | |
| 960904 | crs_21_protocol_anomalies | Request Containing Content, but Missing Content-Type header | AnomalyScoring | Enabled | |
crs_23_request_limits
| Rule ID | Rule Group | Description | Action | State | CRS Source |
|---|---|---|---|---|---|
| 960208 | crs_23_request_limits | Argument value too long | AnomalyScoring | Enabled | |
| 960209 | crs_23_request_limits | Argument name too long | AnomalyScoring | Enabled | |
| 960335 | crs_23_request_limits | Too many arguments in request | AnomalyScoring | Enabled | |
| 960341 | crs_23_request_limits | Total arguments size exceeded | AnomalyScoring | Enabled | |
| 960342 | crs_23_request_limits | Uploaded file size too large | AnomalyScoring | Enabled | |
| 960343 | crs_23_request_limits | Total uploaded files size too large | AnomalyScoring | Enabled | |
crs_30_http_policy
| Rule ID | Rule Group | Description | Action | State | CRS Source |
|---|---|---|---|---|---|
| 960010 | crs_30_http_policy | Request content type is not allowed by policy | AnomalyScoring | Enabled | |
| 960032 | crs_30_http_policy | Method is not allowed by policy | AnomalyScoring | Enabled | |
| 960034 | crs_30_http_policy | HTTP protocol version is not allowed by policy | AnomalyScoring | Enabled | |
| 960035 | crs_30_http_policy | URL file extension is restricted by policy | AnomalyScoring | Enabled | |
| 960038 | crs_30_http_policy | HTTP header is restricted by policy | AnomalyScoring | Enabled | |
crs_35_bad_robots
| Rule ID | Rule Group | Description | Action | State | CRS Source |
|---|---|---|---|---|---|
| 990002 | crs_35_bad_robots | Request Indicates a Security Scanner Scanned the Site | AnomalyScoring | Enabled | |
| 990012 | crs_35_bad_robots | Rogue web site crawler | AnomalyScoring | Enabled | |
| 990901 | crs_35_bad_robots | Request Indicates a Security Scanner Scanned the Site | AnomalyScoring | Enabled | |
| 990902 | crs_35_bad_robots | Request Indicates a Security Scanner Scanned the Site | AnomalyScoring | Enabled | |
crs_40_generic_attacks
| Rule ID | Rule Group | Description | Action | State | CRS Source |
|---|---|---|---|---|---|
| 950000 | crs_40_generic_attacks | Session Fixation | AnomalyScoring | Enabled | |
| 950002 | crs_40_generic_attacks | System Command Access | AnomalyScoring | Enabled | |
| 950003 | crs_40_generic_attacks | Session Fixation | AnomalyScoring | Enabled | |
| 950005 | crs_40_generic_attacks | Remote File Access Attempt | AnomalyScoring | Enabled | |
| 950006 | crs_40_generic_attacks | System Command Injection | AnomalyScoring | Enabled | |
| 950008 | crs_40_generic_attacks | Injection of Undocumented ColdFusion Tags | AnomalyScoring | Enabled | |
| 950009 | crs_40_generic_attacks | Session Fixation Attack | AnomalyScoring | Enabled | |
| 950010 | crs_40_generic_attacks | LDAP Injection Attack | AnomalyScoring | Enabled | |
| 950011 | crs_40_generic_attacks | SSI injection Attack | AnomalyScoring | Enabled | |
| 950012 | crs_40_generic_attacks | HTTP Request Smuggling Attack. | AnomalyScoring | Enabled | |
| 950018 | crs_40_generic_attacks | Universal PDF XSS URL Detected. | AnomalyScoring | Enabled | |
| 950019 | crs_40_generic_attacks | Email Injection Attack | AnomalyScoring | Enabled | |
| 950117 | crs_40_generic_attacks | Remote File Inclusion Attack | AnomalyScoring | Enabled | |
| 950118 | crs_40_generic_attacks | Remote File Inclusion Attack | AnomalyScoring | Enabled | |
| 950119 | crs_40_generic_attacks | Remote File Inclusion Attack | AnomalyScoring | Enabled | |
| 950120 | crs_40_generic_attacks | Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link | AnomalyScoring | Enabled | |
| 950907 | crs_40_generic_attacks | System Command Injection | AnomalyScoring | Enabled | |
| 950910 | crs_40_generic_attacks | HTTP Response Splitting Attack | AnomalyScoring | Enabled | |
| 950911 | crs_40_generic_attacks | HTTP Response Splitting Attack | AnomalyScoring | Enabled | |
| 958976 | crs_40_generic_attacks | PHP Injection Attack | AnomalyScoring | Enabled | |
| 958977 | crs_40_generic_attacks | PHP Injection Attack | AnomalyScoring | Enabled | |
| 959151 | crs_40_generic_attacks | PHP Injection Attack | AnomalyScoring | Enabled | |
| 960024 | crs_40_generic_attacks | Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters | AnomalyScoring | Enabled | |
| 981133 | crs_40_generic_attacks | Rule 981133 | AnomalyScoring | Enabled | |
| 981134 | crs_40_generic_attacks | Rule 981134 | AnomalyScoring | Enabled | |
crs_41_sql_injection_attacks
| Rule ID | Rule Group | Description | Action | State | CRS Source |
|---|---|---|---|---|---|
| 950001 | crs_41_sql_injection_attacks | SQL Injection Attack | AnomalyScoring | Enabled | |
| 950007 | crs_41_sql_injection_attacks | Blind SQL Injection Attack | AnomalyScoring | Enabled | |
| 950901 | crs_41_sql_injection_attacks | SQL Injection Attack: SQL Tautology Detected. | AnomalyScoring | Enabled | |
| 950908 | crs_41_sql_injection_attacks | SQL Injection Attack. | AnomalyScoring | Enabled | |
| 959070 | crs_41_sql_injection_attacks | SQL Injection Attack | AnomalyScoring | Enabled | |
| 959071 | crs_41_sql_injection_attacks | SQL Injection Attack | AnomalyScoring | Enabled | |
| 959072 | crs_41_sql_injection_attacks | SQL Injection Attack | AnomalyScoring | Enabled | |
| 959073 | crs_41_sql_injection_attacks | SQL Injection Attack | AnomalyScoring | Enabled | |
| 981172 | crs_41_sql_injection_attacks | Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded | AnomalyScoring | Enabled | |
| 981173 | crs_41_sql_injection_attacks | Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded | AnomalyScoring | Enabled | |
| 981231 | crs_41_sql_injection_attacks | SQL Comment Sequence Detected. | AnomalyScoring | Enabled | |
| 981240 | crs_41_sql_injection_attacks | Detects MySQL comments, conditions and ch(a)r injections | AnomalyScoring | Enabled | |
| 981241 | crs_41_sql_injection_attacks | Detects conditional SQL injection attempts | AnomalyScoring | Enabled | |
| 981242 | crs_41_sql_injection_attacks | Detects classic SQL injection probings 1/2 | AnomalyScoring | Enabled | |
| 981243 | crs_41_sql_injection_attacks | Detects classic SQL injection probings 2/2 | AnomalyScoring | Enabled | |
| 981244 | crs_41_sql_injection_attacks | Detects basic SQL authentication bypass attempts 1/3 | AnomalyScoring | Enabled | |
| 981245 | crs_41_sql_injection_attacks | Detects basic SQL authentication bypass attempts 2/3 | AnomalyScoring | Enabled | |
| 981246 | crs_41_sql_injection_attacks | Detects basic SQL authentication bypass attempts 3/3 | AnomalyScoring | Enabled | |
| 981247 | crs_41_sql_injection_attacks | Detects concatenated basic SQL injection and SQLLFI attempts | AnomalyScoring | Enabled | |
| 981248 | crs_41_sql_injection_attacks | Detects chained SQL injection attempts 1/2 | AnomalyScoring | Enabled | |
| 981249 | crs_41_sql_injection_attacks | Detects chained SQL injection attempts 2/2 | AnomalyScoring | Enabled | |
| 981250 | crs_41_sql_injection_attacks | Detects SQL benchmark and sleep injection attempts including conditional queries | AnomalyScoring | Enabled | |
| 981251 | crs_41_sql_injection_attacks | Detects MySQL UDF injection and other data/structure manipulation attempts | AnomalyScoring | Enabled | |
| 981252 | crs_41_sql_injection_attacks | Detects MySQL charset switch and MSSQL DoS attempts | AnomalyScoring | Enabled | |
| 981253 | crs_41_sql_injection_attacks | Detects MySQL and PostgreSQL stored procedure/function injections | AnomalyScoring | Enabled | |
| 981254 | crs_41_sql_injection_attacks | Detects Postgres pg_sleep injection, waitfor delay attacks and database shutdown attempts | AnomalyScoring | Enabled | |
| 981255 | crs_41_sql_injection_attacks | Detects MSSQL code execution and information gathering attempts | AnomalyScoring | Enabled | |
| 981256 | crs_41_sql_injection_attacks | Detects MATCH AGAINST, MERGE, EXECUTE IMMEDIATE and HAVING injections | AnomalyScoring | Enabled | |
| 981257 | crs_41_sql_injection_attacks | Detects MySQL comment-/space-obfuscated injections and backtick termination | AnomalyScoring | Enabled | |
| 981260 | crs_41_sql_injection_attacks | SQL Hex Encoding Identified | AnomalyScoring | Enabled | |
| 981270 | crs_41_sql_injection_attacks | Finds basic MongoDB SQL injection attempts | AnomalyScoring | Enabled | |
| 981272 | crs_41_sql_injection_attacks | Detects blind sqli tests using sleep() or benchmark(). | AnomalyScoring | Enabled | |
| 981276 | crs_41_sql_injection_attacks | Looking for basic sql injection. Common attack string for mysql, oracle and others. | AnomalyScoring | Enabled | |
| 981277 | crs_41_sql_injection_attacks | Looking for integer overflow attacks, these are taken from skipfish, except 2.2.90738585072007e-308 is the "magic number" crash | AnomalyScoring | Enabled | |
| 981300 | crs_41_sql_injection_attacks | Rule 981300 | AnomalyScoring | Enabled | |
| 981301 | crs_41_sql_injection_attacks | Rule 981301 | AnomalyScoring | Enabled | |
| 981302 | crs_41_sql_injection_attacks | Rule 981302 | AnomalyScoring | Enabled | |
| 981303 | crs_41_sql_injection_attacks | Rule 981303 | AnomalyScoring | Enabled | |
| 981304 | crs_41_sql_injection_attacks | Rule 981304 | AnomalyScoring | Enabled | |
| 981305 | crs_41_sql_injection_attacks | Rule 981305 | AnomalyScoring | Enabled | |
| 981306 | crs_41_sql_injection_attacks | Rule 981306 | AnomalyScoring | Enabled | |
| 981307 | crs_41_sql_injection_attacks | Rule 981307 | AnomalyScoring | Enabled | |
| 981308 | crs_41_sql_injection_attacks | Rule 981308 | AnomalyScoring | Enabled | |
| 981309 | crs_41_sql_injection_attacks | Rule 981309 | AnomalyScoring | Enabled | |
| 981310 | crs_41_sql_injection_attacks | Rule 981310 | AnomalyScoring | Enabled | |
| 981311 | crs_41_sql_injection_attacks | Rule 981311 | AnomalyScoring | Enabled | |
| 981312 | crs_41_sql_injection_attacks | Rule 981312 | AnomalyScoring | Enabled | |
| 981313 | crs_41_sql_injection_attacks | Rule 981313 | AnomalyScoring | Enabled | |
| 981314 | crs_41_sql_injection_attacks | Rule 981314 | AnomalyScoring | Enabled | |
| 981315 | crs_41_sql_injection_attacks | Rule 981315 | AnomalyScoring | Enabled | |
| 981316 | crs_41_sql_injection_attacks | Rule 981316 | AnomalyScoring | Enabled | |
| 981317 | crs_41_sql_injection_attacks | SQL SELECT Statement Anomaly Detection Alert | AnomalyScoring | Enabled | |
| 981318 | crs_41_sql_injection_attacks | SQL Injection Attack: Common Injection Testing Detected | AnomalyScoring | Enabled | |
| 981319 | crs_41_sql_injection_attacks | SQL Injection Attack: SQL Operator Detected | AnomalyScoring | Enabled | |
| 981320 | crs_41_sql_injection_attacks | SQL Injection Attack: Common DB Names Detected | AnomalyScoring | Enabled | |
crs_41_xss_attacks
| Rule ID | Rule Group | Description | Action | State | CRS Source |
|---|---|---|---|---|---|
| 958000 | crs_41_xss_attacks | Cross-site Scripting (XSS) Attack | AnomalyScoring | Enabled | |
| 958001 | crs_41_xss_attacks | Cross-site Scripting (XSS) Attack | AnomalyScoring | Enabled | |
| 958002 | crs_41_xss_attacks | Cross-site Scripting (XSS) Attack | AnomalyScoring | Enabled | |
| 958003 | crs_41_xss_attacks | Cross-site Scripting (XSS) Attack | AnomalyScoring | Enabled | |
| 958004 | crs_41_xss_attacks | Cross-site Scripting (XSS) Attack | AnomalyScoring | Enabled | |
| 958005 | crs_41_xss_attacks | Cross-site Scripting (XSS) Attack | AnomalyScoring | Enabled | |
| 958006 | crs_41_xss_attacks | Cross-site Scripting (XSS) Attack | AnomalyScoring | Enabled | |
| 958007 | crs_41_xss_attacks | Cross-site Scripting (XSS) Attack | AnomalyScoring | Enabled | |
| 958008 | crs_41_xss_attacks | Cross-site Scripting (XSS) Attack | AnomalyScoring | Enabled | |
| 958009 | crs_41_xss_attacks | Cross-site Scripting (XSS) Attack | AnomalyScoring | Enabled | |
| 958010 | crs_41_xss_attacks | Cross-site Scripting (XSS) Attack | AnomalyScoring | Enabled | |
| 958011 | crs_41_xss_attacks | Cross-site Scripting (XSS) Attack | AnomalyScoring | Enabled | |
| 958012 | crs_41_xss_attacks | Cross-site Scripting (XSS) Attack | AnomalyScoring | Enabled | |
| 958013 | crs_41_xss_attacks | Cross-site Scripting (XSS) Attack | AnomalyScoring | Enabled | |
| 958016 | crs_41_xss_attacks | Cross-site Scripting (XSS) Attack | AnomalyScoring | Enabled | |
| 958017 | crs_41_xss_attacks | Cross-site Scripting (XSS) Attack | AnomalyScoring | Enabled | |
| 958018 | crs_41_xss_attacks | Cross-site Scripting (XSS) Attack | AnomalyScoring | Enabled | |
| 958019 | crs_41_xss_attacks | Cross-site Scripting (XSS) Attack | AnomalyScoring | Enabled | |
| 958020 | crs_41_xss_attacks | Cross-site Scripting (XSS) Attack | AnomalyScoring | Enabled | |
| 958022 | crs_41_xss_attacks | Cross-site Scripting (XSS) Attack | AnomalyScoring | Enabled | |
| 958023 | crs_41_xss_attacks | Cross-site Scripting (XSS) Attack | AnomalyScoring | Enabled | |
| 958024 | crs_41_xss_attacks | Cross-site Scripting (XSS) Attack | AnomalyScoring | Enabled | |
| 958025 | crs_41_xss_attacks | Cross-site Scripting (XSS) Attack | AnomalyScoring | Enabled | |
| 958026 | crs_41_xss_attacks | Cross-site Scripting (XSS) Attack | AnomalyScoring | Enabled | |
| 958027 | crs_41_xss_attacks | Cross-site Scripting (XSS) Attack | AnomalyScoring | Enabled | |
| 958028 | crs_41_xss_attacks | Cross-site Scripting (XSS) Attack | AnomalyScoring | Enabled | |
| 958030 | crs_41_xss_attacks | Cross-site Scripting (XSS) Attack | AnomalyScoring | Enabled | |
| 958031 | crs_41_xss_attacks | Cross-site Scripting (XSS) Attack | AnomalyScoring | Enabled | |
| 958032 | crs_41_xss_attacks | Cross-site Scripting (XSS) Attack | AnomalyScoring | Enabled | |
| 958033 | crs_41_xss_attacks | Cross-site Scripting (XSS) Attack | AnomalyScoring | Enabled | |
| 958034 | crs_41_xss_attacks | Cross-site Scripting (XSS) Attack | AnomalyScoring | Enabled | |
| 958036 | crs_41_xss_attacks | Cross-site Scripting (XSS) Attack | AnomalyScoring | Enabled | |
| 958037 | crs_41_xss_attacks | Cross-site Scripting (XSS) Attack | AnomalyScoring | Enabled | |
| 958038 | crs_41_xss_attacks | Cross-site Scripting (XSS) Attack | AnomalyScoring | Enabled | |
| 958039 | crs_41_xss_attacks | Cross-site Scripting (XSS) Attack | AnomalyScoring | Enabled | |
| 958040 | crs_41_xss_attacks | Cross-site Scripting (XSS) Attack | AnomalyScoring | Enabled | |
| 958041 | crs_41_xss_attacks | Cross-site Scripting (XSS) Attack | AnomalyScoring | Enabled | |
| 958045 | crs_41_xss_attacks | Cross-site Scripting (XSS) Attack | AnomalyScoring | Enabled | |
| 958046 | crs_41_xss_attacks | Cross-site Scripting (XSS) Attack | AnomalyScoring | Enabled | |
| 958047 | crs_41_xss_attacks | Cross-site Scripting (XSS) Attack | AnomalyScoring | Enabled | |
| 958049 | crs_41_xss_attacks | Cross-site Scripting (XSS) Attack | AnomalyScoring | Enabled | |
| 958051 | crs_41_xss_attacks | Cross-site Scripting (XSS) Attack | AnomalyScoring | Enabled | |
| 958052 | crs_41_xss_attacks | Cross-site Scripting (XSS) Attack | AnomalyScoring | Enabled | |
| 958054 | crs_41_xss_attacks | Cross-site Scripting (XSS) Attack | AnomalyScoring | Enabled | |
| 958056 | crs_41_xss_attacks | Cross-site Scripting (XSS) Attack | AnomalyScoring | Enabled | |
| 958057 | crs_41_xss_attacks | Cross-site Scripting (XSS) Attack | AnomalyScoring | Enabled | |
| 958059 | crs_41_xss_attacks | Cross-site Scripting (XSS) Attack | AnomalyScoring | Enabled | |
| 958404 | crs_41_xss_attacks | Cross-site Scripting (XSS) Attack | AnomalyScoring | Enabled | |
| 958405 | crs_41_xss_attacks | Cross-site Scripting (XSS) Attack | AnomalyScoring | Enabled | |
| 958406 | crs_41_xss_attacks | Cross-site Scripting (XSS) Attack | AnomalyScoring | Enabled | |
| 958407 | crs_41_xss_attacks | Cross-site Scripting (XSS) Attack | AnomalyScoring | Enabled | |
| 958408 | crs_41_xss_attacks | Cross-site Scripting (XSS) Attack | AnomalyScoring | Enabled | |
| 958409 | crs_41_xss_attacks | Cross-site Scripting (XSS) Attack | AnomalyScoring | Enabled | |
| 958410 | crs_41_xss_attacks | Cross-site Scripting (XSS) Attack | AnomalyScoring | Enabled | |
| 958411 | crs_41_xss_attacks | Cross-site Scripting (XSS) Attack | AnomalyScoring | Enabled | |
| 958412 | crs_41_xss_attacks | Cross-site Scripting (XSS) Attack | AnomalyScoring | Enabled | |
| 958413 | crs_41_xss_attacks | Cross-site Scripting (XSS) Attack | AnomalyScoring | Enabled | |
| 958414 | crs_41_xss_attacks | Cross-site Scripting (XSS) Attack | AnomalyScoring | Enabled | |
| 958415 | crs_41_xss_attacks | Cross-site Scripting (XSS) Attack | AnomalyScoring | Enabled | |
| 958416 | crs_41_xss_attacks | Cross-site Scripting (XSS) Attack | AnomalyScoring | Enabled | |
| 958417 | crs_41_xss_attacks | Cross-site Scripting (XSS) Attack | AnomalyScoring | Enabled | |
| 958418 | crs_41_xss_attacks | Cross-site Scripting (XSS) Attack | AnomalyScoring | Enabled | |
| 958419 | crs_41_xss_attacks | Cross-site Scripting (XSS) Attack | AnomalyScoring | Enabled | |
| 958420 | crs_41_xss_attacks | Cross-site Scripting (XSS) Attack | AnomalyScoring | Enabled | |
| 958421 | crs_41_xss_attacks | Cross-site Scripting (XSS) Attack | AnomalyScoring | Enabled | |
| 958422 | crs_41_xss_attacks | Cross-site Scripting (XSS) Attack | AnomalyScoring | Enabled | |
| 958423 | crs_41_xss_attacks | Cross-site Scripting (XSS) Attack | AnomalyScoring | Enabled | |
| 973300 | crs_41_xss_attacks | Possible XSS Attack Detected - HTML Tag Handler | AnomalyScoring | Enabled | |
| 973301 | crs_41_xss_attacks | XSS Attack Detected | AnomalyScoring | Enabled | |
| 973302 | crs_41_xss_attacks | XSS Attack Detected | AnomalyScoring | Enabled | |
| 973303 | crs_41_xss_attacks | XSS Attack Detected | AnomalyScoring | Enabled | |
| 973304 | crs_41_xss_attacks | XSS Attack Detected | AnomalyScoring | Enabled | |
| 973305 | crs_41_xss_attacks | XSS Attack Detected | AnomalyScoring | Enabled | |
| 973306 | crs_41_xss_attacks | XSS Attack Detected | AnomalyScoring | Enabled | |
| 973307 | crs_41_xss_attacks | XSS Attack Detected | AnomalyScoring | Enabled | |
| 973308 | crs_41_xss_attacks | XSS Attack Detected | AnomalyScoring | Enabled | |
| 973309 | crs_41_xss_attacks | XSS Attack Detected | AnomalyScoring | Enabled | |
| 973310 | crs_41_xss_attacks | XSS Attack Detected | AnomalyScoring | Enabled | |
| 973311 | crs_41_xss_attacks | XSS Attack Detected | AnomalyScoring | Enabled | |
| 973312 | crs_41_xss_attacks | XSS Attack Detected | AnomalyScoring | Enabled | |
| 973313 | crs_41_xss_attacks | XSS Attack Detected | AnomalyScoring | Enabled | |
| 973314 | crs_41_xss_attacks | XSS Attack Detected | AnomalyScoring | Enabled | |
| 973315 | crs_41_xss_attacks | IE XSS Filters - Attack Detected. | AnomalyScoring | Enabled | |
| 973316 | crs_41_xss_attacks | IE XSS Filters - Attack Detected. | AnomalyScoring | Enabled | |
| 973317 | crs_41_xss_attacks | IE XSS Filters - Attack Detected. | AnomalyScoring | Enabled | |
| 973318 | crs_41_xss_attacks | IE XSS Filters - Attack Detected. | AnomalyScoring | Enabled | |
| 973319 | crs_41_xss_attacks | IE XSS Filters - Attack Detected. | AnomalyScoring | Enabled | |
| 973320 | crs_41_xss_attacks | IE XSS Filters - Attack Detected. | AnomalyScoring | Enabled | |
| 973321 | crs_41_xss_attacks | IE XSS Filters - Attack Detected. | AnomalyScoring | Enabled | |
| 973322 | crs_41_xss_attacks | IE XSS Filters - Attack Detected. | AnomalyScoring | Enabled | |
| 973323 | crs_41_xss_attacks | IE XSS Filters - Attack Detected. | AnomalyScoring | Enabled | |
| 973324 | crs_41_xss_attacks | IE XSS Filters - Attack Detected. | AnomalyScoring | Enabled | |
| 973325 | crs_41_xss_attacks | IE XSS Filters - Attack Detected. | AnomalyScoring | Enabled | |
| 973326 | crs_41_xss_attacks | IE XSS Filters - Attack Detected. | AnomalyScoring | Enabled | |
| 973327 | crs_41_xss_attacks | IE XSS Filters - Attack Detected. | AnomalyScoring | Enabled | |
| 973328 | crs_41_xss_attacks | IE XSS Filters - Attack Detected. | AnomalyScoring | Enabled | |
| 973329 | crs_41_xss_attacks | IE XSS Filters - Attack Detected. | AnomalyScoring | Enabled | |
| 973330 | crs_41_xss_attacks | IE XSS Filters - Attack Detected. | AnomalyScoring | Enabled | |
| 973331 | crs_41_xss_attacks | IE XSS Filters - Attack Detected. | AnomalyScoring | Enabled | |
| 973332 | crs_41_xss_attacks | IE XSS Filters - Attack Detected. | AnomalyScoring | Enabled | |
| 973333 | crs_41_xss_attacks | IE XSS Filters - Attack Detected. | AnomalyScoring | Enabled | |
| 973334 | crs_41_xss_attacks | IE XSS Filters - Attack Detected. | AnomalyScoring | Enabled | |
| 973335 | crs_41_xss_attacks | IE XSS Filters - Attack Detected. | AnomalyScoring | Enabled | |
| 973336 | crs_41_xss_attacks | XSS Filter - Category 1: Script Tag Vector | AnomalyScoring | Enabled | |
| 973337 | crs_41_xss_attacks | XSS Filter - Category 2: Event Handler Vector | AnomalyScoring | Enabled | |
| 973338 | crs_41_xss_attacks | XSS Filter - Category 3: Javascript URI Vector | AnomalyScoring | Enabled | |
| 973344 | crs_41_xss_attacks | IE XSS Filters - Attack Detected. | AnomalyScoring | Enabled | |
| 973345 | crs_41_xss_attacks | IE XSS Filters - Attack Detected. | AnomalyScoring | Enabled | |
| 973346 | crs_41_xss_attacks | IE XSS Filters - Attack Detected. | AnomalyScoring | Enabled | |
| 973347 | crs_41_xss_attacks | IE XSS Filters - Attack Detected. | AnomalyScoring | Enabled | |
| 973348 | crs_41_xss_attacks | IE XSS Filters - Attack Detected. | AnomalyScoring | Enabled | |
| 981018 | crs_41_xss_attacks | Rule 981018 | AnomalyScoring | Enabled | |
| 981136 | crs_41_xss_attacks | Rule 981136 | AnomalyScoring | Enabled | |
crs_42_tight_security
| Rule ID | Rule Group | Description | Action | State | CRS Source |
|---|---|---|---|---|---|
| 950103 | crs_42_tight_security | Path Traversal Attack | AnomalyScoring | Enabled | |
crs_45_trojans
| Rule ID | Rule Group | Description | Action | State | CRS Source |
|---|---|---|---|---|---|
| 950110 | crs_45_trojans | Backdoor access | AnomalyScoring | Enabled | |
| 950921 | crs_45_trojans | Backdoor access | AnomalyScoring | Enabled | |
crs_49_inbound_blocking
| Rule ID | Rule Group | Description | Action | State | CRS Source |
|---|---|---|---|---|---|
| 981175 | crs_49_inbound_blocking | Inbound Attack Targeting OSVDB Flagged Resource. | AnomalyScoring | Enabled | |
| 981176 | crs_49_inbound_blocking | Inbound Anomaly Score Exceeded (Total Score: %{TX.ANOMALY_SCORE}, SQLi=%{TX.SQL_INJECTION_SCORE}, XSS=%{TX.XSS_SCORE}): Last Matched Message: %{tx.msg} | AnomalyScoring | Enabled | |