Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 5 replies
  • Answers 1 answer
  • Subscribers 37 subscribers
  • Views 1691 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Skip Filter Rule - Que son los esos ID que se excluyen en una WAF

AnthonyCastillo

Hola,

Alguien que me pueda aclarar la duda sobre los ID que se colocan en skip fiter rules dentro del WAF, ya que he ingresado el código 949110 para que mi servidor web pueda ser publicado, pero quisiera saber si ese código pueda tener una vulnerabilidad o en que me afecta, además a que esta relacionado ese código.

Gracias



This thread was automatically locked due to age.
Parents Reply Children
  • FormerMember
    0 FormerMember in reply to AnthonyCastillo

    Hi ,

    The WAF rule ID 949110 is one of the infrastructure rules, and I'd not add it to the skip list. They’re core to the operation of the WAF ModSecurity. You should not turn off these rules without possibly affecting other rules that are built upon these rules. If an infrastructure rule is added to the Skip filter rules list, you make yourself vulnerable to other possible attacks.

    Try to find the rule id that detected the anomaly from the reverseproxy logs and if the score is less than 5, add the rule id in the skip list.

    Thanks,

  • 0 in reply to FormerMember

    Thanks H_Patel


    How can I solve this problem?

    I would like your help please

    Thanks,

  • FormerMember
    0 FormerMember in reply to AnthonyCastillo

    Hi ,

    Try to find the rule ID that detected the anomaly from the reverse proxy logs and ensure that it's not an infrastructure rule before adding that to the skip list. If you need help with finding the rule ID, replicate the logs while you replicate the issue and send me the via personal message. 

    Thanks,

Unfiltered HTML