New Sophos Support Phone Numbers in Effect July 1st, 2023

WAF Error - Outbound Anomaly

Hi.

Lately  I see the following in my WAF log:

2023:05:24-11:12:03 momgate-2 httpd: id="0299" srcip="199.64.207.44" localip="80.180.251.220" size="429" user="-" host="199.64.207.44" method="POST" statuscode="403" reason="waf" extra="Outbound Anomaly Score Exceeded (score 4): Last Matched Message: The application is not available" exceptions="-" time="603501" url="/Microsoft-Server-ActiveSync" server="momail.mom.com" port="443" query="?Cmd=Ping&User=goolen%40dab.com&DeviceId=SEC1EAC070D70C3C&DeviceType=SamsungDevice" referer="-" cookie="-" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="ZG3G00GgjmbgwiTAxSfiVwAAALc" =iPhone&Cmd=FolderSync" referer="-" cookie="-" set-cookie="-" websocket_scheme="-" websocket_protocol="-" websocket_key="-" websocket_version="-" uid="ZG3IAUGgjmbgwiTAxSfinwAAALg"

I have disabled the "Protocol anomalies" in the WAF, but I still get this message.

Any Idea or help will be appreciate. Slight smile

Thanks,
Goldy.



1
[edited by: Goldy at 12:04 PM (GMT -7) on 24 May 2023]
Parents Reply Children
No Data