Possible attack - many requests with status code 404

If the EVENT_WR-Y-attack-601 warning (Possible attack - {NUM} requests with statuscode 404 within {NUM} seconds) appears frequently, the possible causes are:

  • Bad links inside or outside the application.
  • Forceful browsing, especially if all requests come from the same IP address.
  • A misconfiguration of Airlock Gateway.

Since unnecessary requests affect the overall system performance, the cause(s) should be addressed soon.

In this case, we do not recommend event adjustment, which could only suppress the symptoms instead of addressing the causes.

Research and countermeasures

Research the cause(s) before taking any countermeasures.

  • Analyze why the 404 responses occur:
      • Are there missing files? Which files cannot be found, and why?
      • Are there broken links in the application that are repeatedly used by a user?
      • Is the event possibly triggered by forceful browsing?
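The questions above can be answered from the request log by grouping the 404 responses per missing path and per client. The following is an added example, not Airlock code: the four-field log layout, the sample lines and the thresholds `min_paths` and `min_clients` are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample lines: "<client_ip> <path> <status> <referer>" ("-" = no referer).
# This layout is an assumption for the example, not the Airlock Gateway log format.
SAMPLE_LOG = """\
198.51.100.7 /img/logo-old.png 404 /shop/index.html
198.51.100.9 /img/logo-old.png 404 /shop/index.html
198.51.100.12 /img/logo-old.png 404 /shop/index.html
203.0.113.50 /backup.zip 404 -
203.0.113.50 /admin/ 404 -
203.0.113.50 /test.php 404 -
203.0.113.50 /old/ 404 -
203.0.113.50 /config.bak 404 -
198.51.100.7 /shop/index.html 200 -
"""

def triage_404(log_text, min_paths=5, min_clients=3):
    """Split 404 responses into broken-link and forceful-browsing candidates."""
    paths_by_ip = defaultdict(set)       # client -> distinct missing paths
    clients_by_path = defaultdict(set)   # missing path -> distinct clients
    referers_by_path = defaultdict(set)  # missing path -> pages linking to it
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4 or fields[2] != "404":
            continue  # skip malformed lines and non-404 responses
        ip, path, _, referer = fields
        paths_by_ip[ip].add(path)
        clients_by_path[path].add(ip)
        if referer != "-":
            referers_by_path[path].add(referer)
    # Many clients missing the same file via a referring page: a bad link.
    broken_links = {p: sorted(referers_by_path[p])
                    for p, ips in clients_by_path.items()
                    if len(ips) >= min_clients and referers_by_path[p]}
    # One client requesting many different missing paths: forceful browsing.
    forceful = {ip: sorted(paths) for ip, paths in paths_by_ip.items()
                if len(paths) >= min_paths}
    return broken_links, forceful

if __name__ == "__main__":
    links, probes = triage_404(SAMPLE_LOG)
    print("broken links:", links)
    print("forceful browsing candidates:", probes)
```

A missing path reported with its referring page points to a link to repair in the application; a single client listed with many unrelated missing paths matches the forceful-browsing case.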

As a countermeasure for forceful browsing, use the Gateway URL encryption feature to effectively protect your application.