Forum Discussion

misch43's avatar
misch43
Icon for Nimbostratus rankNimbostratus
Dec 16, 2022

unknown method in request: How to suppress events / logs?

Hi,   we have a lot of "unknown method" requests caused by some automated scanner sending: "PRI * HTTP/2". As far as I read the docs, these requests are not specific harmful. How can we block the...
security
Omar2's avatar
Omar2
Icon for Cirrus rankCirrus
Dec 16, 2022

Hello Michael,

If your Policy is in blocking mode and you select alarm and block settings for "illegal method" as in attached screenshot and the method your scanner is using on the request is not in the allowed method list as in screenshot, Your request will be blocked and you will have a log with a violation "Illegal method".

But, You can bypass your WAF for the scanner IP and select not to block any request generated from it by configuring the scanner IP under  Application Security : IP Addresses : IP Address Exceptions and also select the option Block this IP Address "Never block this IP" and also if you don't want to see any logs from this IP you can select the option "Never log traffic from this IP Address" to be enabled.