WAF Signatures

• 2FA1 – Request blocked, missing 2 factor authentication
• 2FA2 – Request blocked, missing 2 factor authentication
• 2FA3 – Request blocked, missing 2 factor authentication
• ANP230 – Non standard POST request – Bot initiated
• BAK023 – Backdoor access denied
• BAK024 – Backdoor location denied
• BBOT65 – Brute force bot blocked
• BLACK02 – Blacklisted IP address
• BLKUNF1 – Unfiltered HTML not authorized
• BLKUP2 – Content (or upload) not authorized
• BNP002 – Scanning tool blocked
• BNP003 – Bad bot access denied
• BNP004 – Request blocked, aggressive bot filter
• BNP005 – Request blocked, aggressive bot filter
• BNP006 – Request blocked, aggressive bot filter
• CMB055 – Spam comment or xmlrpc denied
• CUST01 – Access to this URL is not allowed
• DDOS21 – DDOS attempt blocked
• ddos22 – DDOS attempt blocked
• DIR081 – Directory listing not authorized
• EVA079 – Evasion attempt denied
• EVA080 – Evasion through obfuscation denied
• EVA120 – Evasion attempt denied
• EXP034 – Exploit attempt denied
• EXP035 – Timthumb exploit attempt denied
• EXP036 – DB exploit attempt
• EXP037 – Exploit or backdoor access denied
• EXPVH3 – Exploit blocked by virtual hardening
• EXPVP1 – Exploit blocked by virtual patching
• EXPVP16 – Exploit Blocked by Virtual Patching
• EXPVP2 – Exploit blocked by virtual patching
• EXPVP3 – Exploit Blocked by Virtual Patching
• EXPVP5 – Exploit Blocked by Virtual Patching
• EXPVP9 – Exploit Blocked by Virtual Patching
• FBP006 – Fake bot access
• GEO01 – GeoIP Block
• GEO02 – GeoIP Block
• INA154 – HTTP protocol anomaly – Missing user agent
• IPB17 – IP Address not whitelisted
• MET043 – HTTP method not allowed
• NONE – Other
• OBF080 – Obfuscated attack payload detected
• PAR010 – Access denied – Site in lock down
• PBI009 – Blacklisted IP
• PHPi20 – PHP injection blocked
• PTA134 – HTTP protocol anomaly detected
• PTA155 – HTTP protocol anomaly detected
• PTA157 – HTTP protocol anomaly detected
• rce001 – Remote command execution blocked
• rce002 – Remote command execution blocked
• rfi001 – RFI/LFI attempt
• rfi002 – An attempted RFI/LFI was detected and blocked.
• RFI008 – RFI/LFI attempt
• RFI009 – RFI/LFI attempt
• RFI010 – RFI/LFI attempt
• rpcbot01 – XMLRPC bot was blocked.
• SCO135 – Malicious cookie payload blocked
• SFD004 – Access to restricted folder
• SFD005 – Access to restricted folder
• SPAM33 – Spam request blocked
• sqli01 – SQL injection was detected and blocked.
• sqli02 – SQL injection was detected and blocked.
• SQLi14 – SQL injection attempt
• SQLi15 – SQL injection payload detected
• SQLi16 – SQL injection payload detected
• SQLi17 – SQL injection payload detected
• SQLi18 – SQL injection payload detected
• sqli20 – SQL injection was detected and blocked.
• sqli21 – SQL injection was detected and blocked.
• sqli22 – SQL injection was detected and blocked.
• sqli23 – SQL injection was detected and blocked.
• sqli24 – SQL injection was detected and blocked.
• sqli25 – SQL injection was detected and blocked.
• sqli26 – SQL injection was detected and blocked.
• sqli27 – SQL injection was detected and blocked.
• sqli28 – SQL injection was detected and blocked.
• sqli29 – SQL injection was detected and blocked.
• sqli30 – SQL injection was detected and blocked.
• sqli31 – SQL injection was detected and blocked.
• sqli32 – SQL injection was detected and blocked.
• sqli40 – SQL injection was detected and blocked.
• sqli70 – SQL injection was detected and blocked.
• sqli71 – SQL injection was detected and blocked.
• SSI017 – SSI injection blocked
• SUR003 – Suspicious URL
• TMP021 – Blocked by IDS
• UAi029 – User Agent injection blocked
• UAT007 – Request not authorized
• xss001 – An attempted XSS (Cross site scripting) was detected and blocked.
• XSS012 – XSS attempt
• XSS013 – XSS payload detected
• XSS014 – XSS payload detected
• xss020 – An attempted XSS (Cross site scripting) was detected and blocked.
• xss021 – An attempted XSS (Cross site scripting) was detected and blocked.
• xss022 – An attempted XSS (Cross site scripting) was detected and blocked.
• xss023 – An attempted XSS (Cross site scripting) was detected and blocked.
• xss024 – An attempted XSS (Cross site scripting) was detected and blocked.
• xss025 – An attempted XSS (Cross site scripting) was detected and blocked.
• xss026 – An attempted XSS (Cross site scripting) was detected and blocked.
• xss027 – An attempted XSS (Cross site scripting) was detected and blocked.
• xss028 – An attempted XSS (Cross site scripting) was detected and blocked.
• xss029 – An attempted XSS (Cross site scripting) was detected and blocked.
• xss030 – An attempted XSS (Cross site scripting) was detected and blocked.
• xss031 – An attempted XSS (Cross site scripting) was detected and blocked.
• UP010 – Upload size Restricted by the Administrator
• EVA081 – Evasion through obfuscation denied
• EXPVH4 – Exploit blocked by virtual hardening
• EXPVP10 – Exploit blocked by virtual patching
• EXPVP11 – Exploit blocked by virtual patching
• EXPVP12 – Exploit blocked by virtual patching
• EXPVP13 – Exploit blocked by virtual patching
• EXPVP14 – Exploit blocked by virtual patching
• EXPVP15 – Exploit blocked by virtual patching
• EXPVP16 – Exploit blocked by virtual patching
• EXPVP17 – Exploit blocked by virtual patching
• EXPVP18 – Exploit blocked by virtual patching
• EXPVP4 – Exploit blocked by virtual patching
• EXPVP6 – Exploit blocked by virtual patching
• EXPVP7 – Exploit blocked by virtual patching
• EXPVP8 – Exploit blocked by virtual patching
• EXPVP9 – Exploit blocked by virtual patching
• RCE010 – Remote command execution blocked
• SQLi19 – SQL injection was detected and blocked.
• XSS015 – XSS payload detected
• XSS016 – XSS payload detected