On Thu, Oct 21, 2010 at 8:15 PM, Jason 'XenoPhage' Frisvold
xenoph...@godshell.com wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
I find myself struggling with how to handle directory traversal false
positives. The following happily triggers rule 31104 and active response
blocks the
On Tue, Oct 26, 2010 at 3:45 PM, Jason 'XenoPhage' Frisvold
xenoph...@godshell.com wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 10/26/2010 02:29 PM, dan (ddp) wrote:
The only thing I can think of is to watch the logs and implement
ignore rules for the legitimate stuff you come
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Oct 21, 2010, at 8:15 PM, Jason 'XenoPhage' Frisvold wrote:
I find myself struggling with how to handle directory traversal false
positives. The following happily triggers rule 31104 and active response
blocks the IP.
204.41.5.50 - -
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
I find myself struggling with how to handle directory traversal false
positives. The following happily triggers rule 31104 and active response
blocks the IP.
204.41.5.50 - - [21/Oct/2010:08:43:53 -0400] GET /../index.html HTTP/1.1 400
303 -