Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Guide That Contains This Content
[+] Expand All
[-] Collapse All

    Activity Processors: Method Processor: Incident - Missing HTTP Protocol

    Complexity: Medium (3.0)

    Default Response: 1x = Slow Connection 2-6 seconds & 1 Hour Clear Inputs

    Cause: HTTP comes in several different versions. These are specified in each request issued by a client to the webserver. The acceptable standard versions are 0.9, 1.0, and 1.1. Any other protocol represents a nonstandard HTTP request issued by a non-standard HTTP client. Under nearly every legitimate use-case, there is no reason to either omit the protocol or to provide one that is not standard. This incident triggers whenever a user submits a request that is completely missing a protocol version. This would represent a clear violation of the HTTP protocol RFC specifications.

    Behavior: This incident is likely to occur whenever the attacker is attempting to create a custom attack script against the website. They can have either forgotten to include a protocol value, or they are intentionally omitting it to prevent intended functionality by one of the devices that processes the request. For example, an attacker can try to submit a request without a protocol in an effort to break security devices protecting the webserver. These security devices might not be able to handle non-standard protocols correctly, and as a result, can allow malicious requests to reach the backend unmodified.

    Published: 2014-06-27