Policy | Status | Action |
High-Level-Security | • Scan HTTP header—Enabled. • Scan HTTP Request Body—Enabled. • Scan HTTP Response Body—Disabled. | • High Severity Action—Deny. • Medium Severity Action—Deny. • Low Severity Action—Alert. |
Medium-Level-Security | • Scan HTTP header—Enabled. • Scan HTTP Request Body—Enabled. • Scan HTTP Response Body—Disabled. | • High Severity Action—Deny. • Medium Severity Action—Alert. • Low Severity Action—Alert. |
Alert-Only | • Scan HTTP header—Enabled. • Scan HTTP Request Body—Disabled. • Scan HTTP Response Body—Disabled. | • High Severity Action—Alert. • Medium Severity Action—Alert. • Low Severity Action—Alert. |
Settings | Guidelines |
Name | Configuration name. Valid characters are A-Z, a-z, 0-9, _, and -. No spaces. After you initially save the configuration, you cannot edit the name. |
Status | Enable/disable scanning against the signature database. This includes HTTP header scanning but not HTTP body scanning. |
Request Body Status | Enable/disable scanning of the HTTP request body. |
Response Body Status | Enable/disable scanning of the HTTP response body. |
High Severity Action | • Alert—Allow the traffic and log the event. • Deny—Drop the traffic, send a 403 Forbidden to the client, and log the event. The default is alert, but we recommend you deny traffic that matches high severity signatures. |
Medium Severity Action | • Alert—Allow the traffic and log the event. • Deny—Drop the traffic, send a 403 Forbidden to the client, and log the event. The default is alert. For stricter security, you can deny traffic that matches medium severity signatures. |
Low Severity Action | • Alert—Allow the traffic and log the event. • Deny—Drop the traffic, send a 403 Forbidden to the client, and log the event. The default is alert, which is recommended for low severity signatures. |
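
The following is an added example, not code from the product or its documentation: it models how a profile's scan switches and severity actions decide the outcome of a signature match, and audits a profile against the guidance in the table above. The dictionary keys and function names are hypothetical, and it assumes the three scan switches act independently, which the page does not state.

```python
import re

# Keys are hypothetical labels for the settings in the table above,
# not the product's CLI or API names.
NAME_RE = re.compile(r"[A-Za-z0-9_-]+")  # A-Z, a-z, 0-9, _ and -; no spaces

def policy(status, req_body, resp_body, high, medium, low):
    return {"status": status, "request_body": req_body, "response_body": resp_body,
            "high": high, "medium": medium, "low": low}

# The three predefined policies, transcribed from the first table.
PREDEFINED = {
    "High-Level-Security": policy(True, True, False, "deny", "deny", "alert"),
    "Medium-Level-Security": policy(True, True, False, "deny", "alert", "alert"),
    "Alert-Only": policy(True, False, False, "alert", "alert", "alert"),
}

# Which switch controls scanning of which part of the message. Assumption:
# the three switches are independent; the page does not say otherwise.
SWITCH = {"header": "status", "request_body": "request_body",
          "response_body": "response_body"}

def evaluate(pol, location, severity):
    """Outcome of a signature match: 'not-scanned', 'alert' or 'deny'."""
    if not pol[SWITCH[location]]:
        return "not-scanned"      # scanning is disabled for this part
    return pol[severity]          # 'deny' = drop, 403, log; 'alert' = allow, log

def audit(name, pol):
    """List the ways a profile departs from the table's guidance."""
    findings = []
    if not NAME_RE.fullmatch(name):
        findings.append("name: invalid characters")
    if pol["high"] != "deny":
        findings.append("high: alert only, deny is recommended")
    for location in SWITCH:
        if evaluate(pol, location, "high") == "not-scanned":
            findings.append(location + ": not scanned")
    return findings

if __name__ == "__main__":
    for name, pol in PREDEFINED.items():
        print(name, audit(name, pol))
```
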
Category (ID) | Subcategory (ID) |
Cross Site Scripting (1) | |
SQL Injection (2) | |
Generic Attacks (3) | OS Command Injection (1) |
| Coldfusion Injection (2) |
| LDAP Injection (3) |
| Command Injection (4) |
| Session Fixation (5) |
| File Injection (6) |
| PHP Injection (7) |
| SSI Injection (8) |
| UPDF XSS (9) |
| Email Injection (10) |
| HTTP Response Splitting (11) |
| RFI Injection (12) |
Trojans (4) | |
Information Disclosure (5) | Zope Information Leakage (13) |
| CF Information Leakage (14) |
| PHP Information Leakage (15) |
| ISA Server Existence Revealed (16) |
| Microsoft Office Document Properties Leakage (17) |
| CF Source Code Leakage (18) |
| IIS Information Leakage (19) |
| Weblogic Information Leakage (20) |
| Generic Filename and Directory Leakage (21) |
| ASP/JSP Source Code Leakage (22) |
| PHP Source Code Leakage (23) |
| SQL Error Leakage (24) |
| HTTP Header Leakage (25) |
| WordPress Leakage (26) |
Known Exploits (6) | Oracle 9i (27) |
| Coppermine Photo Gallery (28) |
| Netscape Enterprise Server (29) |
| Cisco IOS HTTP Service (30) |
| Microsoft SQL Server (31) |
| HP OpenView Network Node Manager (32) |
| Best Software SalesLogix (33) |
| IBM Lotus Domino Web Server (34) |
| Microsoft IIS (35) |
| Microsoft Windows Media Services (36) |
| Dave Carrigan Auth_LDAP (37) |
| 427BB (38) |
| RaXnet Cacti Graph (39) |
| CHETCPASSWD (40) |
| SAP (41) |
Credit Card Detection (7) | |
Bad Robot (8) | |