Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 6 replies
  • Subscribers 2 subscribers
  • Views 4112 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Question about: The packet has *not* been dropped.

webservio
Hello Everyone,

Although in my IDP section I have check marked Drop for Action as well as Add extra warnings and Notify I still get Alerts with notification that packet has not been dropped (see below). Am I missing anything?


Intrusion Prevention Alert

An intrusion has been detected. The packet has *not* been dropped.
If you want to block packets like this one in the future,
set the corresponding intrusion protection rule to "drop" in WebAdmin.
Be careful not to block legitimate traffic caused by false alerts though.

Details about the intrusion alert:

Message........: POLICY-OTHER web server file upload attempt


This thread was automatically locked due to age.
Parents
  • 0
    Hi, 

    Besides the listed attack patterns, there is an option for 'enable extra warnings'.

    If you enable that, it turns on additional rules/patterns, but they are set to 'alert' instead of 'drop', probably because they have a higher false-positive rate than the other rulesets.

    As Scott says, you would have to use the Rule Modification to change each one to Drop.
    That would be time consuming if you wanted to modify all of them, and you would probably end up blocking a lot of good traffic.

    Barry
  • 0 in reply to BarryG
    Thanks very much for your help!
Reply Children
No Data