Thousands of intrusion attacks reported

Question

We are seeing thousands of alerts from our Sophos Firewall Manager and from the local Sophos XG firewalls and most of them are either "Apache HTTP Server mod_rewrite RewriteLog Command Execution dangerous" or "Autodesk Design Review GIF GlobalColorTable DataSubBlock Buffer Overflow". 
 I have re-enabled IPS for my main firewall policy for user outbound Internet browsing (was told by support at one time to disable that, then found a post that said to enable it...???). 
 I also enabled some setting under the DoS settings too... 
 I need to know if these attacks are getting through and doing any real damage or is the firewall just reporting what it sees and I am protected? 
 I have a feeling the Autodesk alert is related to the fact that we have hundreds of Autodesk application users internally and this is just some false positive that the firewall is not sure what to do with, but that is a concern too. 
 Mainly looking for advice on how to best interpret these alerts.

Aditya Patel · Answer

Hi JohnSmock , 
 First we check for the IPS alerts . You would need to check the IPS logs for the same and if you network is impacted due to packets dropped under IPS then you need to add a Rule an IPS policy to Change the recommended action as Allow . It's not a False positive as it may use such signature used in an attack/prone to exploit . You may Bypass the IPS by allowing the signature and positioning on the top . 
 More information about the signature 
 Autodesk Design Review GIF GlobalColorTable DataSubBlock Buffer Overflow 
 Apache HTTP Server mod_rewrite RewriteLog Command Execution dangerou s 
 Thanks and Regards 
 Aditya Patel | Network and Security Engineer.