Log messages

These are all available block messages.

Message ID

Attack Type

Block Type

Description

WR-SG-BLOCK-108-01

Filter evasion

Multipart Parser

illegal boundary characters "..." found in multipart POST

WR-SG-BLOCK-108-02

Filter evasion

Multipart Parser

multiple content-disposition headers found in multipart POST

WR-SG-BLOCK-108-03

Filter evasion

Multipart Parser

nesting level (...) exceeded in multipart POST

WR-SG-BLOCK-108-04

Filter evasion

Multipart Parser

Syntax Error in multipart POST: no delimiter found in request body "..."

WR-SG-BLOCK-108-05

Filter evasion

Multipart Parser

delimiter found in multipart header "..."

WR-SG-BLOCK-108-06

Filter evasion

Multipart Parser

multiple multipart boundary definitions found in content-type header "..."

WR-SG-BLOCK-108-07

Filter evasion

Multipart Parser

Syntax Error in multipart POST: Error while parsing multipart header "..."

WR-SG-BLOCK-108-08

Filter evasion

Multipart Parser

multipart boundary definition not found in content-type header "..."

WR-SG-BLOCK-108-10

Filter evasion

Multipart Parser

Syntax Error in multipart POST: Missing newline characters ...

WR-SG-BLOCK-108-11

Filter evasion

Multipart Parser

Syntax Error in multipart POST: Missing delimiter

WR-SG-BLOCK-108-20

Unsafe multipart headers

Multipart Parser

Multipart header deny list rule was triggered by multipart header "..."

WR-SG-BLOCK-108-21

Unsafe multipart headers

Multipart Parser

Multipart header allow list rule was triggered by multipart header "..."

WR-SG-BLOCK-108-30

Filter evasion

Multipart Parser

Error while decoding multipart content: ...: "..."

WR-SG-BLOCK-108-35

Filter evasion

Multipart Parser

Trailing characters found after encoded content "..."

WR-SG-BLOCK-108-40

Filter evasion

Multipart Parser

Filename was empty but content was not

WR-SG-BLOCK-109-01

Filter evasion

JSON Parser

JSON syntax error message: "..." in ...

WR-SG-BLOCK-109-02

Filter evasion

JSON Parser

Failed to sanitize JSON data (UTF8) in ...

WR-SG-BLOCK-109-03

Filter evasion

JSON Parser

Failed to convert JSON data (from ... to UTF-8) in ...

WR-SG-BLOCK-120-01

URL tampering

URL Encryption

Decryption failed for request URL using passphrase based encryption. URL has been modified by client or was encrypted for a different user session using session based encryption.

WR-SG-BLOCK-120-02

URL tampering

URL Encryption

Decryption failed for request URL using session based encryption. URL has been modified by client.

WR-SG-BLOCK-120-03

URL tampering

URL Encryption

Request URL is not or incorrectly encrypted (unrecognized/wrong encryption mode).

WR-SG-BLOCK-120-04

URL tampering

URL Encryption

Decryption failed for encrypted request URL. URL belongs to an unknown (expired or otherwise different) session or the passphrase has changed.

WR-SG-BLOCK-120-05

URL tampering

URL Encryption

Request URL is PBE encrypted but SBE is configured.

WR-SG-BLOCK-131-01

Filter evasion

Parameter Normalization

Filter notification: parameter normalization failed on data "..." using default charset:... fallback:...

WR-SG-BLOCK-131-02

Filter evasion

Parameter Normalization

Filter notification: parameter normalization failed on data "..." using charset from content-type:...

WR-SG-BLOCK-131-03

Filter evasion

Parameter Normalization

Filter notification: parameter normalization not possible from unsupported charset derived from content-type "..."

WR-SG-BLOCK-131-04

Filter evasion

Parameter Normalization

Filter notification: ... in path "...". UTF-8 is enforced.

WR-SG-BLOCK-131-05

Filter evasion

Parameter Normalization

Filter notification: ... in header "...". UTF-8 is enforced.

WR-SG-BLOCK-131-06

Filter evasion

Parameter Normalization

Filter notification: ... in ... "...". UTF-8 is enforced.

WR-SG-BLOCK-131-07

Filter evasion

Parameter Normalization

Filter notification: Charset encoding "..." found in Content-Type header. UTF-8 is enforced.

WR-SG-BLOCK-135-01

Parameter tampering

URL Encryption

Location parameter "..." with value "..." is invalid: ...

WR-SG-BLOCK-111-00

URL tampering

Allow Rule

no allow rule matched

WR-SG-BLOCK-111-01

Request tampering

Allow Rule

Request IP address ip:... does not match IP pattern "..." , path pattern:"..."

WR-SG-BLOCK-111-06

Request tampering

Allow Rule

Content-Type of request (...) does not match Content-Type pattern "..." , path pattern:"..."

WR-SG-BLOCK-111-05

Request tampering

Allow Rule

HTTP method "..." does not match the method pattern "..."

WR-SG-BLOCK-111-04

Parameter tampering

Allow Rule

Parameter value is not allowed. Value "..." of parameter "..." does not match value pattern "..." , path pattern:"..."

WR-SG-BLOCK-111-08

Parameter tampering

Allow Rule

Parameter "..." is not allowed because there is no parameter rule defined that would match the parameter name. The parameter value would be "..." , path pattern:"..."

WR-SG-BLOCK-111-07

Parameter tampering

Allow Rule

The request must contain a parameter matching pattern "..." , path pattern:"..."

WR-SG-BLOCK-111-20

URL tampering

Parameter Limits

Path has length ..., but at most ... would be allowed

WR-SG-BLOCK-111-21

Parameter tampering

Parameter Limits

There are ... parameters, but at most ... would be allowed

WR-SG-BLOCK-111-22

Parameter tampering

Parameter Limits

Length of parameter name "..." is ... bytes, but at most ... bytes would be allowed

WR-SG-BLOCK-111-23

Parameter tampering

Parameter Limits

Value "..." of parameter "..." contains ... bytes, but at most ... bytes would be allowed

WR-SG-BLOCK-115

<according to rule>

OpenAPI

...

WR-SG-BLOCK-116

<according to rule>

JSON Limits

...

WR-SG-BLOCK-122-00

Parameter tampering

Form Protection

Parameter "..." is illegal according to form signature

WR-SG-BLOCK-122-02

Parameter tampering

Form Protection

Value "..." of parameter "..." is illegal according to form signature

WR-SG-BLOCK-122-03

Parameter tampering

Form Protection

Value length of parameter "..." (... bytes) exceeds maximum allowed length (... bytes).

WR-SG-BLOCK-122-04

Parameter tampering

Form Protection

Form signature ID is invalid.

WR-SG-BLOCK-122-05

Parameter tampering

Form Protection

Value "..." for parameter "..." of type "..." is invalid according to validation pattern "..."

WR-SG-BLOCK-122-06

Parameter tampering

Form Protection

Required parameters {...} have been omitted

WR-SG-BLOCK-130

Cross-site request forgery

CSRF Protection

CSRF attack detected. CSRF token is invalid or missing.

WR-SG-BLOCK-190

Bot access

Bot Management

The client does not support cookies: ...

WR-SG-BLOCK-110-01

<according to rule>

Deny Rule

Deny rule was triggered

WR-SG-BLOCK-112

Unwanted IP

IP Whitelist

IP whitelist did not match

WR-SG-BLOCK-113

<according to rule>

Threat Intelligence

Bad IP detected

WR-SG-BLOCK-114

Deny Listed IP

IP Blacklist

IP blacklist matched

WR-SG-BLOCKDET-110-01

<according to rule>

Deny Rule

Blocked path: "..."

WR-SG-BLOCKDET-110-02

<according to rule>

Deny Rule

Blocked method: "..."

WR-SG-BLOCKDET-110-03

<according to rule>

Deny Rule

Blocked Content-Type: "..."

WR-SG-BLOCKDET-110-04

<according to rule>

Deny Rule

Blocked source-IP: "..."

WR-SG-BLOCKDET-110-05

<according to rule>

Deny Rule

Blocked parameter: "...=..." (...)

WR-SG-BLOCKDET-110-06

<according to rule>

Deny Rule

Blocked header: "...: ..."

WR-SG-BLOCK-140-01

Parameter pollution

HTTP Parameter Pollution

Multiple parameters with the same name "..." and different types (..., ...) found

WR-SG-BLOCK-145

Filter evasion

Web Listener Checks

Maximum request body size exceeded

WR-SG-BLOCK-125

Parameter tampering

DyVE

Parameter "..." with value "..." is illegal according to dynamic value endorsement

WR-SG-BLOCK-150-01

Behaviour anomaly

Client Fingerprinting

Client Fingerprinting: Blocking request

WR-SG-BLOCK-150-02

Behaviour anomaly

Client Fingerprinting

Client Fingerprinting: Blocking request and terminating session

WR-SG-BLOCK-160

Denial of service

DOS Thresholds

Maximum number of allowed requests (...) within ... seconds for this IP (...) reached

WR-SG-BLOCK-180

Recurring Attack

Dynamic IP Blacklist

Blocked due to Dynamic IP blacklist

WR-SG-BLOCK-170

Illegal payload

ICAP

ICAP service "..." at ...:... blocked in REQMOD

WR-SG-BLOCK-161

Denial of service

DOS Thresholds

Maximum number of allowed sessions (...) for this IP reached

WR-SG-BLOCK-155

Behaviour anomaly

Anomaly Shield

Session anomaly detected by Anomaly Shield rule "...". Executing block actions: ...

WR-SG-BLOCK-156

Behaviour anomaly

Anomaly Shield

IP blocked due to previous anomalous behaviour detected by Anomaly Shield rule