Inbound Anomaly Score Exceeded in WAF

#1

Hi Team,

Below mentioned rule is triggered, When some ip hits my domain specific URl and WAF action taken Block. Could you please let me know Why and When does below mentioned rule is trigger ?

Inbound Anomaly Score Exceeded (Total Score: 146, SQLi=34, XSS=40): Last Matched Message: IE XSS Filters - Attack Detected.

Regards,
redhawk89

0 Likes

#2

Is rule 981176 being triggered by you or unknown visitors and where did you see those logs?

0 Likes

#3

That information is included in the rest of the WAF event. The URI is listed and if you look at / download the JSON it would provide additional details about which OWASP rules were triggered (it was multiple based on the summary).

0 Likes

#4

I didn’t able to find the rule of specific rule id, Which is basically “981176”

0 Likes

#5

The individual rules triggered are in the json details of the event.

2 Likes

#6

Got it. Thank you for informing me.

2 Likes

closed #7

This topic was automatically closed after 14 days. New replies are no longer allowed.

0 Likes