Entries in Application-Specific Log Files
This reference lists and explains the messages that can appear in application-specific log files. For a description of how to view and filter log files, see Log Files.
ATTENTION
Log file entries are only created if the attribute enable logging has not been disabled for the particular handler.
Action taken
ATTENTION
Depending on your configuration for the individual handlers, many of the log file entries can apply to both events that caused an acceptance or to events that caused a denial of a request. To see whether a request was accepted or denied, view the entry in the Action column of the log file.
Possible entries in the Action column of the log files are:
- Any HTTP error code (see HTTP Error Codes) The request was denied with this code.
- OK: The request was accepted.
- NOTICE: The request was accepted, however some information was logged.
- WARNING: The request or the response could not be parsed, however it was accepted.
Authentication Handler
This handler can write the following entries to the log files:
-
authentication failed - authproxy unreachable …
Authentication for a path failed because the authentication proxy could not be reached. This is an internal error. Please contact support.
If the option fail open was enabled in the handler settings, the request was accepted.
If the option fail open was not enabled in the handler settings, the request was denied.
-
cannot connect to authentication server
The Authentication Handler was not able to communicate with the Authentication Server Backend. Check your settings in the configuration file stingrayafzeusafm.conf.
If the option fail open was enabled in the handler settings, the request was accepted.
If the option fail open was not enabled in the handler settings, the request was denied.
-
invalid response from auth server - protocol error
A communication error occurred between the Authentication Server Backend and the Authentication Handler.
-
not authenticated and not redirected - protocol violation
The user provided an external authentication server that did not conform to the protocol.
If the option fail open was enabled in the handler settings, the request was accepted.
If the option fail open was not enabled in the handler settings, the request was denied. See: Authentication Handler
-
redirecting request - redirect to {URL}
The Authentication Handler redirected the request to the login page provided by the Authentication Server Frontend.
See: Authentication Handler.
-
the session handler needs to be enabled before this handler can be used
The Authentication Handler couldn’t work because the Session Handler was not enabled. Add the Session Handler to your ruleset.
Baseline Protection Handler
This handler can write the following entries to the log files:
-
allowing request for KEY although the value is too big (NNN bytes)
Authentication for a path failed because the authentication proxy could not be reached. This is an internal error. Please contact support.
The argument KEY had NNN bytes, which exceeded the limit given by the attribute max variable size.
Usually, the request would have been denied because the option reject if oversize was enabled. However, as the key given in the request matched one of the keys specified by the attribute reject if oversize was enabledn, the request was accepted.
Note that this request was not checked for any patterns.
-
cannot parse arguments …
The decider was unable to parse the arguments of the request. Either the request was malformed or the encoding could not be recognized.
If in Global Configuration the option allow Traffic if we cannot parse the request was enabled, the request was accepted.
If in Global Configuration the option allow Traffic if we cannot parse the request was not enabled, the request was denied.
-
further decoding is possible MATCH_ON VALUE …
One or more additional decoding steps are possible, and the option reject if further decoding possible was activated in the handler settings. So the request was denied.
-
invalid combination MATCH_ON VALUE match pattern CATEGORIES COMMENT iterations NNN
The request was denied because it matched the given pattern. See: Baseline Protection Handler
-
no baseline rules found - please run the baseline wizard or enable at least one rule
The handler could not check the request for any patterns because no pattern was specified or all patterns were disabled.
See: Baseline Protection Handler, Baseline Protection Wizard
-
timelimit exceeded …
Pattern matching took longer than allowed by the attribute match timeout, so the check was aborted.
If the option reject if match timeout was not enabled, the request was accepted.
If the option reject if match timeout was enabled, the request was denied.
-
value for argument KEY too big (NNN bytes)
The argument key had n bytes, which exceeded the limit given by the attribute max variable size.
The request was denied because the option reject if oversize was enabled.
Block Traffic Handler
This handler can write the following entries to the log files:
-
block traffic - REASON
The request was denied because all traffic had been blocked in the application control or because the cluster node had been disabled.
Bypass Ruleset Handler
This handler can write the following entries to the log files:
-
unconditional allow the request (server interface IP)
The request was accepted without any analysis because the ruleset had been deactivated in the application control.
Check HTML Syntax Handler
This handler can write the following entries to the log files:
-
could not decode response body (wrong content-type) - falling back to ISO-8859-1
vWAF was not able to decode the request’s response body because a wrong content type was specified there. Check your web application to fix this inconsistency as soon as possible so that vWAF can reliably check all responses.
The request was accepted and interpreted as ISO-8859-1. See: Check HTML Syntax Handler
-
HTML syntax error - POSITION
The HTML code returned by your web application contained the given syntax error. However, the request was accepted.
Check User Agent Handler
This handler can write the following entries to the log files:
-
invalid User-Agent header = VALUE matches pattern PATTERN
The request was denied because the specified user agent was on the blacklist (attribute invalid pattern).
-
invalid User-Agent header (no valid pattern found) = VALUE
The request was denied because the specified user agent was not covered by the whitelist (attribute valid pattern).
Classify Request Handler
This handler can write the following entries to the log files:
-
there is a probability of n% that this is a bad request
Shows the rating of the risk potential, conducted by the Classify Request Handler. See: Classify Request Handler
-
there is a probability of n% that this is a good request
Shows the rating of the risk potential, conducted by the Classify Request Handler. See: Classify Request Handler
Content Type Handler
This handler can write the following entries to the log files:
-
bad content-type: CONTENTTYPE
The request was denied because the given content type was not covered by one of the attributes allow urlencoded, allow multipart, or allow content type list.
-
bad content-type for file upload: CONTENTTYPE
The request was denied because the option check upload content types has been enabled but the request’s content type was not covered by the list given for allow upload content type list.
See: Content Type Handler
-
cannot parse arguments …
The decider was unable to parse the arguments of the request. Either the request was malformed or the encoding could not be recognized.
If in the Global Configuration the option allow Traffic if we cannot parse the request was enabled, the request was accepted.
If in the Global Configuration the option allow Traffic if we cannot parse the request was not enabled, the request was denied.
-
content-type required
The request was denied because it did not specify any content type and no replacement content type had been defined (attribute replace missing content type).
See: Content Type Handler
Cookie Jar Handler
This handler can write the following entries to the log files:
-
incoming cookie removed
The Cookie Jar Handler has removed a browser cookie. This action was logged because the attribute log removed cookies was activated in the Cookie Jar Handler settings.
See: Cookie Jar Handler
-
the session handler needs to be enabled before this handler can be used
The Cookie Jar Handler could not work because the Session Handler was not enabled. Add the Session Handler to your ruleset.
Deny Handler
This handler can write the following entries to the log files:
-
deny request
The request was denied because the Deny Handler had been enabled to block all requests.
See: Deny Handler
Entry Point Handler
This handler can write the following entries to the log files:
-
invalid entry point URL - redirect to MAINPAGE
The request was denied because the URL was not included in the list of permissible entry points (attribute entrypoint in the handler settings). An HTTP-redirect was created to the page specified by the attribute mainpage.
See: Entry Point Handler
-
unsigned url - redirect to MAINPAGE
The request was denied because the option url protection was enabled and a user tried to re-enter from an unsigned URL. An HTTP-redirect was created to the page specified by the attribute mainpage.
See: Entry Point Handler
-
invalid url signature - redirect to MAINPAGE
The request was denied because the option url protection was enabled, a user tried to re- enter from a signed URL, but the given signature was incorrect. An HTTP-redirect was created to the page specified by the attribute mainpage.
See: Entry Point Handler
-
the session handler needs to be enabled before this handler can be used
The Entry Point Handler could not work because the Session Handler was not enabled. Add the Session Handler to your ruleset.
-
unseen url - redirect to MAINPAGE
The request was denied because a user tried to re-enter from a page that was not linked by your web application (option url protection). An HTTP-redirect was created to the page specified by the attribute mainpage.
See: Entry Point Handler
Event Per IP Per Path Prefilter Handler
This handler can write the following entries to the log files:
-
could not read backend
Internal error. As a result, the Requests Per IP Per Path Per Timeframe Per Application Event Source might not have been triggered appropriately. Please contact support.
Hide Basic Auth Handler
This handler can write the following entries to the log files:
-
login as user USERNAME - redirect to URL
A user was redirected to the log in page specified by the Hide Basic Auth Handler but did not log in successfully there. So the request was denied.
-
logout - redirect to URL
A user logged out successfully via the log in page specified by the Hide Basic Auth Handler.
-
the session handler needs to be enabled before this handler can be used
The Hide Basic Auth Handler could not work properly because the Session Handler was not enabled. Add the Session Handler to your ruleset.
ICAP Client Handler
This handler can write the following entries to the log files:
-
handle broken multipart is enabled but we cannot parse arguments
Although the attribute handle broken multipart was enabled in the configuration of the ICAP Client Handler, the handler could not parse the arguments.
If in Global Configuration the Attribute allow traffic if we cannot parse the request was set, the request was accepted.
Else the request was denied.
See: ICAP Client Handler
-
backend timeout
The configured ICAP server did not respond within one second. The request was denied.
See: ICAP Client Handler
-
[ANY TEXT THAT THE ICAP SERVER RETURNS AS AN ERROR MESSAGE]
The request was denied. Usually the reason is given within the text, such as “virus found”.
See: ICAP Client Handler
Invalid Args Handler
This handler can write the following entries to the log files:
-
blacklist entry PATTERN matches - invalid argument - KEY=VALUE
The request was denied because the given argument (key = value) matched a pattern of the blacklist (attribute invalid key value pattern).
-
cannot parse arguments …
The decider was unable to parse the arguments of the request. Either the request was malformed or the encoding could not be recognized.
If in Global Configuration the option allow traffic if we cannot parse the request was enabled, the request was accepted.
If in Global Configuration the option allow traffic if we cannot parse the request was not enabled, the request was denied.
-
key KEY occurs at least twice in this request - possible HTTP parameter pollution attack
The request was denied because a key occurred two or more times and the option reject duplicate keys was enabled.
See: Invalid Args Handler
-
not in whitelist - invalid argument - KEY=VALUE
The request was denied because the given argument (key = value) did not match any pattern of the whitelist (attribute valid key value pattern).
See: Invalid Args Handler
-
too many arguments (NUMBER_OF_ARGUMENTS)
The request was denied because it contained more arguments than allowed by the attribute max allowed arguments.
See: Invalid Args Handler
Invalid Body Text Handler
This handler can write the following entries to the log files:
-
invalid text in body (Request) TEXT
The request was denied because it contained a string that matched with one of the patterns for non-permissible requests (attribute requestTriggerPattern).
-
invalid text in body (Response) TEXT
The response was not returned because it contained a string that matched with one of the patterns for non-permissible responses (attribute responseTriggerPattern).
Invalid Cookie Handler
This handler can write the following entries to the log files:
- blacklist entry PATTERN matches - invalid cookie - KEY=VALUE
The request was denied because the given cookie matched a pattern of the blacklist (attribute invalid key value pattern).
- not in whitelist - invalid cookie - KEY=VALUE
The request was denied because the given cookie did not match any pattern of the whitelist (attribute valid key value pattern).
Invalid Parameter Handler
This handler can write the following entries to the log files:
-
invalid parameter PARAMETER
At least one of the request’s URI parameters matched with the blacklist specified for the attribute invalid parameters, so the request was denied.
-
no valid parameter
The request’s URI parameters did not match with any of the URI parameters specified for the attribute valid parameters, so the request was denied.
Invalid Request Handler
This handler can write the following entries to the log files:
-
allowing request for KEY although the value is too big (NNN bytes)
The argument KEY had NNN bytes, which exceeded the limit given by the attribute max variable size.
Usually, the request would have been denied because the option reject if oversize was enabled. However, as the key given in the request matched one of the keys specified by the attribute reject if oversize exception, the request was accepted.
Note that this request was not checked for any patterns.
-
cannot parse arguments …
The decider was unable to parse the arguments of the request. Either the request was malformed or the encoding could not be recognized.
If in Global Configuration the option allow traffic if we cannot parse the request was enabled, the request was accepted.
If in Global Configuration the option allow traffic if we cannot parse the request was not enabled, the request was denied.
-
invalid combination METHOD URI KEY VALUE match pattern OWNER COMMENT
The request was denied because it matched the given pattern.
-
invalid combination METHOD URI match pattern OWNER COMMENT
The request was denied because it matched the given pattern.
-
no pattern list
No pattern was specified in the handler settings, so the handler is essentially ineffective. The request was accepted though.
-
value for argument KEY to big (NNN bytes)
The argument KEY had NNN bytes, which exceeded the limit given by the attribute max variable size.
The request was denied because the option reject if oversize was enabled.
Invalid Url Handler
This handler can write the following entries to the log files:
-
invalid url (full url) pattern, full url is full url
The request was denied because the URL matched with a pattern of the attribute invalid full url pattern.
See: Invalid URL Handler
-
invalid url (no valid pattern found)
The request was denied because the URL did not match with any of the patterns provided by the attributes valid full url pattern and valid url pattern.
See: Invalid URL Handler
-
invalid url match pattern PATTERN url URL
The request was denied because the URL matched with a pattern of the attribute invalid url pattern.
See: Invalid URL Handler
-
invalid url pattern, url url
The request was denied because the URL matched with a pattern of the attribute invalid url pattern.
See: Invalid URL Handler
Limit Requests Per Second Handler
This handler can write the following entries to the log files:
-
deny request (too many requests per second)
The request was denied because the given limit was exceeded.
Log Configuration Handler
This handler can write the following entries to the log files:
-
CONFIGURED LOG DATA
Additional information logged due to the settings made for the Log Configuration Handler. This is for information purposes only—no requests were denied.
Malware Detection Handler
This handler can write the following entries to the log files:
-
could not decode response body (wrong content-type) - ignoring this response
vWAF was not able to decode the request’s response body because a wrong content type was specified there. Check your web application to fix this inconsistency as soon as possible so that vWAF can reliably check all responses.
The response wasn’t checked.
See: Malware detection
-
pattern matched NNN time(s) (provider: PROVIDER last sync: TIME)
The external malware detection service that was configured has detected that your web application returns malicious code.
The detected pattern was not replaced.
See: Malware detection
-
pattern was replaced NNN time(s) with REPLACEMENT (provider: PROVIDER last sync: TIME)
The external malware detection service that was configured has detected that your web application returns malicious code.
The detected pattern was replaced by the Replace String.
See: Malware detection
No Configuration Found Handler
This handler can write the following entries to the log files:
-
no configuration found …
No matching path was found for the application.
If in Global Configuration, the option allow traffic unknown hosts was enabled, the request was accepted.
If in Global Configuration, the option allow traffic for unknown hosts was not enabled, the request was denied.
-
no configuration found for proxy request - deny request
There was a proxy request but no matching path was found for the application. The request was denied.
No Customer Key Found Handler
This handler can write the following entries to the log files:
-
no customer configuration found for key ENFORCERTOKEN …
In the enforcer options, you have specified a customer key. However, you did not configure any application mapping for this key.
If in Global Configuration, the option allow traffic for unknown hosts was enabled, the request was accepted.
If in Global Configuration, the option allow traffic for unknown hosts was not enabled, the request was denied.
No Matching Path Found Handler
This handler can write the following entries to the log files:
-
no configuration found (no matching path)
The host specified in the request was found, but no path matching the URL of the request was defined.
If in Global Configuration, the option allow traffic for unknown hosts was enabled, the request was accepted.
If in Global Configuration, the option allow traffic for unknown hosts was not enabled, the request was denied.
OWA Protection Handler
This handler can write the following entries to the log files:
-
mailbox cross user access denied USERNAME -> URL - redirect to /Exchange
A user who is logged in as the user USERNAME tried to access an URL that does not belong to his or her mailbox. The user was redirected to the URL /Exchange.
-
most parts of this handler will not work without the session handler
You have added the OWA Protection Handler, but you did not add the Session Handler. Therefore, the OWA Protection Handler could not work properly and Outlook Web Access isn’t protected. Add the Session Handler to your ruleset.
-
too many logins for user USERNAME from IPADDRESS
Access for the user was blocked for one minute because there were more unsuccessful login attempts than permitted by the attribute limitLoginTriesPerMinute.
Protect Form Handler
This handler can write the following entries to the log files:
-
cannot parse arguments …
The decider was unable to parse the arguments of the request. Either the request was malformed or the encoding could not be recognized.
If in Global Configuration the option allow traffic if we cannot parse the request was enabled, the request was accepted.
If in Global Configuration the option allow traffic if we cannot parse the request was not enabled, the request was denied.
-
cannot parse response
The handler was unable to parse the response, so the handler could not learn about the form fields. Please check whether your web application returns a valid response.
See: Protect Form Handler
-
found an unprotected form …
The request was denied because a user inserted or manipulated a form.
If the option redirect on deny was enabled, the user was redirected to the URL specified by the attribute mainpage.
See: Protect Form Handler
-
invalid value for input field FIELD
The request was denied because an input field was not saved within the secure session, or because the value of an input field differed from the saved value. Both indicate attempts of manipulation.
See: Protect Form Handler
-
response too complicated (increase max_forms)
The response was too complex to be analyzed successfully within the allocated internal session storage. Therefore the handler could not learn about the form fields.
To resolve this problem, please carefully increase the value of the attribute max forms.
See: Protect Form Handler
-
the session handler needs to be enabled before this handler can be used
The Protect Form Handler could not work properly because the Session Handler was not enabled. Add the Session Handler to your ruleset.
-
unexpected exception during response parsing: TEXT
A general error occurred while parsing, however this error had nothing to do with the parsing process itself. TEXT specifies the reason of this error.
If you cannot resolve the problem, please contact support.
See: Protect Form Handler
Redirect Handler
This handler can write the following entries to the log files:
-
invalid redirect
The user could not be redirected because no valid URL resulted from the given pattern replacement. Please check your configuration.
See: Redirect Handler
-
redirect to URL
The user was successfully redirected to the given URL.
See: Redirect Handler
Referer Handler
This handler can write the following entries to the log files:
-
referer blocked by graylist REFERER …
The request was denied and the user redirected to the graylisturl because the HTTP referer was neither on the whitelist nor on the blacklist, and there were more requests with this HTTP referer than allowed by the attributes threshold counter and threshold timedelta.
See: Referer Handler
-
referer in blacklist REFERER
The request was denied because the HTTP referer was on the blacklist and not on the whitelist.
If the option blockblacklist was not enabled, the user was redirected to the URL specified by the attribute blacklisturl.
See: Referer Handler
-
referer not in whitelist REFERER …
The request was denied because the HTTP referer was not on the whitelist and the option whitelistonly was enabled.
If the option blockblacklist was not enabled, the user was redirected to the URL specified by the attribute blacklisturl.
See: Referer Handler
Required Header Field Handler
This handler can write the following entries to the log files:
-
invalid header KEY: VALUE
The request was denied because one of the headers did not match any valid header pattern, or because it matched an invalid header pattern.
-
missing http header field HEADER
The request was denied because one of the headers specified as required headers was missing.
Response Body Filter Handler
This handler can write the following entries to the log files:
-
cannot decode response body (invalid or unknown content encoding: ENCODING) - ignoring this response
vWAF could not filter the response of your web application because it used an unknown encoding. The request was accepted unfiltered. Please contact support so that we might be able to support the encoding in later versions of vWAF.
-
pattern matched NNN times
The handler made the given number of replacements in the response from your web application as defined by the attribute replace pattern.
Script Handler
Usually, the Script Handler logs whatever you tell it to log with the help of the log function within your scripts (see Script Handler and Accessible Python Modules and Functions).
In addition, the Script Handler might log the following error messages:
-
exception: ERRORMESSAGE
There was exception while running the script. Therefore the Script Handler did not work. The given error message provides you with as much specific debugging information on the reason for the exception as possible.
See: Script Handler
-
the session handler needs to be enabled before the persistent data storage can be used
Some functions that can be called by the Script Handler can store data within the session. If you use one of these functions, your script can only work when the Session Handler is also active. Add the Session Handler to your ruleset.
Secure Connection Handler
This handler can write the following entries to the log files:
-
required valid client certificate not received CERTIFICATE
The request was denied because the option ClientCert was enabled but no valid client certificate was received.
-
SSL connection required
The request was denied because the option enforce ssl was enabled but the request was not sent via SSL.
-
ssl protocol version not allowed VERSION
The request was denied because the SSL protocol used was older than the protocols allowed by the option minimal ssl version.
-
unsupported or not allowed SSL client cipher CIPHER
The request was denied because the encryption algorithm used did not conform to the standard available on the web server and was not included in the additional ciphers list. Another reason can be that the encryption level was below the minimum encryption level required (attribute CipherBits).
Session Handler
This handler can write the following entries to the log files:
-
could not decode response body (wrong content-type) - ignoring this response
vWAF was not able to decode the request’s response body because a wrong content type was specified there. Check your web application to fix this inconsistency as soon as possible so that vWAF can reliably check all responses.
The response was not checked.
See: Session Handler
-
too many new sessions per ip
The request was denied because there were too many sessions per IP address at a time.
The handler could only handle a subset of these sessions successfully.
Often, this indicates the attempt of a brute force attack. Only if you are sure that this was not the case should you increase the maximum number of sessions per IP address allowed (attributes limitNewSessionsPerIPperMinute and limitNewSessionsPerIPBurst).
See: Session Handler
Shortcut Handler
This handler can write the following entries to the log files:
-
permit this request
This is the standard message of the Shortcut Handler. The request was accepted immediately, bypassing all other handlers.
See: Shortcut Handler
Simple Form Protection Handler
This handler can write the following entries to the log files:
-
invalid argument PATTERN
The request was denied because an argument matched one of the blacklist args or did not match any of the protected form fields custom regex.
Time Period Handler
This handler can write the following entries to the log files:
-
request during this time period not allowed
The request was denied because the time of the request did not fall into one of the valid time intervals.
See: Time Period Handler
Url Encryption Handler
This handler can write the following entries to the log files:
-
could not decode response body (wrong content-type) - ignoring this response
vWAF was not able to decode the request’s response body because a wrong content type was specified there. Check your web application to fix this inconsistency as soon as possible so that vWAF can reliably check all responses.
The response was not checked.
-
invalid url - redirect to MAINPAGE
The user was redirected to the mainpage because the URL given in the request was not in the list of permissible entry points.
-
the session handler needs to be enabled before this handler can be used
The Url Encryption Handler could not work because the Session Handler was not enabled. Add the Session Handler to your ruleset.
Valid Client IP Handler
This handler can write the following entries to the log files:
-
invalid client ip (blacklist) IP
The request was denied because the IP address matched with one of the IP-ranges specified by the attribute client ip blacklist.
-
invalid client ip (DNS timeout) IP
The request was denied because the external realtime blacklist wasn’t available and the option rbl on timeout allow request was not activated.
-
invalid client ip (dynamic blacklist) IP
The request was denied because the IP address was not on the client ip whitelist but on the global IP blacklist.
-
invalid client ip (from DNS) IP
The request was denied because the IP address was on the external realtime blacklist (rbl).
-
invalid client ip (no whitelist) IP
The request was denied because the IP address did not match with any of the IP-ranges specified by the attribute client ip whitelist.
Valid HTTP Method Handler
This handler can write the following entries to the log files:
-
content-length required
The request was denied because no value was set for the attribute max content length.
-
method METHOD not allowed here
The request was denied because the given method was not explicitly allowed.
-
method METHOD not implemented
The request was denied because the given method is not supported.
-
request too large
The request was denied because its content length exceeded the value given for the attribute max content length.
Valid Request Handler
This handler can write the following entries to the log files:
-
forbidden protocol PROTOCOL
The request was denied because it used a protocol that was not explicitly allowed (attribute allowedProtocols).
-
forbidden proxy request
The request was denied because it was a proxy request and the option allow proxy requests wasn’t enabled.
-
invalid encoding
The request was denied because it contained invalid characters or syntax errors.
-
proxy request with different host header: HOST found
Even though the option allow proxy requests was enabled, the request was denied because it specified a different host header.
Valid XML Handler
This handler can write the following entries to the log files:
-
could not validate argument, dtd missing!
The DTD file specified in the Valid XML Handler settings could not be read. Possibly the file was moved, deleted, renamed, or access was denied. However, the request was accepted.
-
invalid xml argument
The request was denied because the XML data did not conform to with the specified DTD.
Virtualize Form Field Handler
This handler can write the following entries to the log files:
-
cannot parse arguments …
The decider was unable to parse the arguments of the request. Either the request was malformed or the encoding could not be recognized.
If in Global Configuration the option allow traffic if we cannot parse the request was enabled, the request was accepted.
If in Global Configuration the option allow traffic if we cannot parse the request was not enabled, the request was denied.
-
Decoding errors of 'VALUE' found. Possible tampering detected.
The Virtualize Form Field Handler was not able to decode all FORM fields successfully.
It’s possible but not certain that an attacker attempted to tamper with these FORM fields. The request was accepted though because the option allow decoding errors was enabled.
- tampering detected - redirecting to REDIRECT PAGE
A tampering attempt was detected and thus the request was denied. Because the option redirect tampering was enabled, the user was redirected to the page specified by the attribute redirect page.
- the session handler needs to be enabled before this handler can be used
The Virtualize Form Field Handler could not work properly because the Session Handler was not enabled. Please add the Session Handler to your ruleset.
Vulnerability Protection Handler
This handler can write the following entries to the log files:
- LOG TEXT FROM EXTERNAL PROVIDER
The request matched one of the patterns identified by one of the linked external application scanners.
Depending on the active mitigation rules, the request was either denied, or it was accepted with the malicious code altered or removed.
Whitelist Handler
This handler can write the following entries to the log files:
- cannot parse arguments …
The decider was unable to parse the arguments of the request. Either the request was malformed or the encoding could not be recognized.
If in Global Configuration the option allow traffic if we cannot parse the request was enabled, the request was accepted.
If in Global Configuration the option allow traffic if we cannot parse the request was not enabled, the request was denied.
- invalid form field (deny) FIELDINFO
The request was denied because it addressed a form field that was not covered by the protected form fields attribute.
See: Whitelist Handler
- invalid protected field (deny) FIELDINFO
The request was denied because the value of the form field did not match with the whitelist (attribute protected form fields).
See: Whitelist Handler
- unprotected form field (allow) FIELDINFO
This is an extra entry, created because the option log unknown form fields was enabled. The entry shows the key and the value of the field.
The request was not denied. See: Whitelist Handler