Activity Processors: Method Processor: Incident - Missing HTTP Protocol

Complexity: Medium (3.0)

Default Response: 1x = Slow Connection 2-6 seconds & 1 Hour Clear Inputs

Cause: HTTP comes in several different versions. These are specified in each request issued by a client to the webserver. The acceptable standard versions are 0.9, 1.0, and 1.1. Any other protocol represents a nonstandard HTTP request issued by a non-standard HTTP client. Under nearly every legitimate use-case, there is no reason to either omit the protocol or to provide one that is not standard. This incident triggers whenever a user submits a request that is completely missing a protocol version. This would represent a clear violation of the HTTP protocol RFC specifications.

Behavior: This incident is likely to occur whenever the attacker is attempting to create a custom attack script against the website. They can have either forgotten to include a protocol value, or they are intentionally omitting it to prevent intended functionality by one of the devices that processes the request. For example, an attacker can try to submit a request without a protocol in an effort to break security devices protecting the webserver. These security devices might not be able to handle non-standard protocols correctly, and as a result, can allow malicious requests to reach the backend unmodified.