These are all available block messages.
Message ID | Attack Type | Block Type | Description |
|---|---|---|---|
WR-SG-BLOCK-108-01 | Filter evasion | Multipart Parser | illegal boundary characters "..." found in multipart POST |
WR-SG-BLOCK-108-02 | Filter evasion | Multipart Parser | multiple content-disposition headers found in multipart POST |
WR-SG-BLOCK-108-03 | Filter evasion | Multipart Parser | nesting level (...) exceeded in multipart POST |
WR-SG-BLOCK-108-04 | Filter evasion | Multipart Parser | Syntax Error in multipart POST: no delimiter found in request body "..." |
WR-SG-BLOCK-108-05 | Filter evasion | Multipart Parser | delimiter found in multipart header "..." |
WR-SG-BLOCK-108-06 | Filter evasion | Multipart Parser | multiple multipart boundary definitions found in content-type header "..." |
WR-SG-BLOCK-108-07 | Filter evasion | Multipart Parser | Syntax Error in multipart POST: Error while parsing multipart header "..." |
WR-SG-BLOCK-108-08 | Filter evasion | Multipart Parser | multipart boundary definition not found in content-type header "..." |
WR-SG-BLOCK-108-10 | Filter evasion | Multipart Parser | Syntax Error in multipart POST: Missing newline characters ... |
WR-SG-BLOCK-108-11 | Filter evasion | Multipart Parser | Syntax Error in multipart POST: Missing delimiter |
WR-SG-BLOCK-108-20 | Unsafe multipart headers | Multipart Parser | Multipart header deny list rule was triggered by multipart header "..." |
WR-SG-BLOCK-108-21 | Unsafe multipart headers | Multipart Parser | Multipart header allow list rule was triggered by multipart header "..." |
WR-SG-BLOCK-108-30 | Filter evasion | Multipart Parser | Error while decoding multipart content: ...: "..." |
WR-SG-BLOCK-108-35 | Filter evasion | Multipart Parser | Trailing characters found after encoded content "..." |
WR-SG-BLOCK-108-40 | Filter evasion | Multipart Parser | Filename was empty but content was not |
WR-SG-BLOCK-109-01 | Filter evasion | JSON Parser | JSON syntax error message: "..." in ... |
WR-SG-BLOCK-109-02 | Filter evasion | JSON Parser | Failed to sanitize JSON data (UTF8) in ... |
WR-SG-BLOCK-109-03 | Filter evasion | JSON Parser | Failed to convert JSON data (from ... to UTF-8) in ... |
WR-SG-BLOCK-120-01 | URL tampering | URL Encryption | Decryption failed for request URL using passphrase based encryption. URL has been modified by client or was encrypted for a different user session using session based encryption. |
WR-SG-BLOCK-120-02 | URL tampering | URL Encryption | Decryption failed for request URL using session based encryption. URL has been modified by client. |
WR-SG-BLOCK-120-03 | URL tampering | URL Encryption | Request URL is not or incorrectly encrypted (unrecognized/wrong encryption mode). |
WR-SG-BLOCK-120-04 | URL tampering | URL Encryption | Decryption failed for encrypted request URL. URL belongs to an unknown (expired or otherwise different) session or the passphrase has changed. |
WR-SG-BLOCK-120-05 | URL tampering | URL Encryption | Request URL is PBE encrypted but SBE is configured. |
WR-SG-BLOCK-131-01 | Filter evasion | Parameter Normalization | Filter notification: parameter normalization failed on data "..." using default charset:... fallback:... |
WR-SG-BLOCK-131-02 | Filter evasion | Parameter Normalization | Filter notification: parameter normalization failed on data "..." using charset from content-type:... |
WR-SG-BLOCK-131-03 | Filter evasion | Parameter Normalization | Filter notification: parameter normalization not possible from unsupported charset derived from content-type "..." |
WR-SG-BLOCK-131-04 | Filter evasion | Parameter Normalization | Filter notification: ... in path "...". UTF-8 is enforced. |
WR-SG-BLOCK-131-05 | Filter evasion | Parameter Normalization | Filter notification: ... in header "...". UTF-8 is enforced. |
WR-SG-BLOCK-131-06 | Filter evasion | Parameter Normalization | Filter notification: ... in ... "...". UTF-8 is enforced. |
WR-SG-BLOCK-131-07 | Filter evasion | Parameter Normalization | Filter notification: Charset encoding "..." found in Content-Type header. UTF-8 is enforced. |
WR-SG-BLOCK-135-01 | Parameter tampering | URL Encryption | Location parameter "..." with value "..." is invalid: ... |
WR-SG-BLOCK-111-00 | URL tampering | Allow Rule | no allow rule matched |
WR-SG-BLOCK-111-01 | Request tampering | Allow Rule | Request IP address ip:... does not match IP pattern "..." , path pattern:"..." |
WR-SG-BLOCK-111-06 | Request tampering | Allow Rule | Content-Type of request (...) does not match Content-Type pattern "..." , path pattern:"..." |
WR-SG-BLOCK-111-05 | Request tampering | Allow Rule | HTTP method "..." does not match the method pattern "..." |
WR-SG-BLOCK-111-04 | Parameter tampering | Allow Rule | Parameter value is not allowed. Value "..." of parameter "..." does not match value pattern "..." , path pattern:"..." |
WR-SG-BLOCK-111-08 | Parameter tampering | Allow Rule | Parameter "..." is not allowed because there is no parameter rule defined that would match the parameter name. The parameter value would be "..." , path pattern:"..." |
WR-SG-BLOCK-111-07 | Parameter tampering | Allow Rule | The request must contain a parameter matching pattern "..." , path pattern:"..." |
WR-SG-BLOCK-111-20 | URL tampering | Parameter Limits | Path has length ..., but at most ... would be allowed |
WR-SG-BLOCK-111-21 | Parameter tampering | Parameter Limits | There are ... parameters, but at most ... would be allowed |
WR-SG-BLOCK-111-22 | Parameter tampering | Parameter Limits | Length of parameter name "..." is ... bytes, but at most ... bytes would be allowed |
WR-SG-BLOCK-111-23 | Parameter tampering | Parameter Limits | Value "..." of parameter "..." contains ... bytes, but at most ... bytes would be allowed |
WR-SG-BLOCK-115 | <according to rule> | OpenAPI | ... |
WR-SG-BLOCK-116 | <according to rule> | JSON Limits | ... |
WR-SG-BLOCK-122-00 | Parameter tampering | Form Protection | Parameter "..." is illegal according to form signature |
WR-SG-BLOCK-122-02 | Parameter tampering | Form Protection | Value "..." of parameter "..." is illegal according to form signature |
WR-SG-BLOCK-122-03 | Parameter tampering | Form Protection | Value length of parameter "..." (... bytes) exceeds maximum allowed length (... bytes). |
WR-SG-BLOCK-122-04 | Parameter tampering | Form Protection | Form signature ID is invalid. |
WR-SG-BLOCK-122-05 | Parameter tampering | Form Protection | Value "..." for parameter "..." of type "..." is invalid according to validation pattern "..." |
WR-SG-BLOCK-122-06 | Parameter tampering | Form Protection | Required parameters {...} have been omitted |
WR-SG-BLOCK-130 | Cross-site request forgery | CSRF Protection | CSRF attack detected. CSRF token is invalid or missing. |
WR-SG-BLOCK-190 | Bot access | Bot Management | The client does not support cookies: ... |
WR-SG-BLOCK-110-01 | <according to rule> | Deny Rule | Deny rule was triggered |
WR-SG-BLOCK-112 | Unwanted IP | IP Whitelist | IP whitelist did not match |
WR-SG-BLOCK-113 | <according to rule> | Threat Intelligence | Bad IP detected |
WR-SG-BLOCK-114 | Deny Listed IP | IP Blacklist | IP blacklist matched |
WR-SG-BLOCKDET-110-01 | <according to rule> | Deny Rule | Blocked path: "..." |
WR-SG-BLOCKDET-110-02 | <according to rule> | Deny Rule | Blocked method: "..." |
WR-SG-BLOCKDET-110-03 | <according to rule> | Deny Rule | Blocked Content-Type: "..." |
WR-SG-BLOCKDET-110-04 | <according to rule> | Deny Rule | Blocked source-IP: "..." |
WR-SG-BLOCKDET-110-05 | <according to rule> | Deny Rule | Blocked parameter: "...=..." (...) |
WR-SG-BLOCKDET-110-06 | <according to rule> | Deny Rule | Blocked header: "...: ..." |
WR-SG-BLOCK-140-01 | Parameter pollution | HTTP Parameter Pollution | Multiple parameters with the same name "..." and different types (..., ...) found |
WR-SG-BLOCK-145 | Filter evasion | Web Listener Checks | Maximum request body size exceeded |
WR-SG-BLOCK-125 | Parameter tampering | DyVE | Parameter "..." with value "..." is illegal according to dynamic value endorsement |
WR-SG-BLOCK-150-01 | Behaviour anomaly | Client Fingerprinting | Client Fingerprinting: Blocking request |
WR-SG-BLOCK-150-02 | Behaviour anomaly | Client Fingerprinting | Client Fingerprinting: Blocking request and terminating session |
WR-SG-BLOCK-160 | Denial of service | DOS Thresholds | Maximum number of allowed requests (...) within ... seconds for this IP (...) reached |
WR-SG-BLOCK-180 | Recurring Attack | Dynamic IP Blacklist | Blocked due to Dynamic IP blacklist |
WR-SG-BLOCK-170 | Illegal payload | ICAP | ICAP service "..." at ...:... blocked in REQMOD |
WR-SG-BLOCK-161 | Denial of service | DOS Thresholds | Maximum number of allowed sessions (...) for this IP reached |
WR-SG-BLOCK-155 | Behaviour anomaly | Anomaly Shield | Session anomaly detected by Anomaly Shield rule "...". Executing block actions: ... |
WR-SG-BLOCK-156 | Behaviour anomaly | Anomaly Shield | IP blocked due to previous anomalous behaviour detected by Anomaly Shield rule |