Forum Discussion

Nimbostratus

Dec 16, 2022

unknown method in request: How to suppress events / logs?

Hi, we have a lot of "unknown method" requests caused by some automated scanner sending: "PRI * HTTP/2". As far as I read the docs, these requests are not specific harmful. How can we block the...

security

Omar2

Cirrus

Dec 16, 2022

Hello Michael,

If your Policy is in blocking mode and you select alarm and block settings for "illegal method" as in attached screenshot and the method your scanner is using on the request is not in the allowed method list as in screenshot, Your request will be blocked and you will have a log with a violation "Illegal method".

But, You can bypass your WAF for the scanner IP and select not to block any request generated from it by configuring the scanner IP under Application Security : IP Addresses : IP Address Exceptions and also select the option Block this IP Address "Never block this IP" and also if you don't want to see any logs from this IP you can select the option "Never log traffic from this IP Address" to be enabled.

Forum Discussion

unknown method in request: How to suppress events / logs?

Recent Discussions

About custome Response Blocking Page

About IPI check ip list

Cookie Violation - Expired TimeStamp.

Disacard SSL::cert mode to ignore when default SSLClient profile is set to request or require

CGNAT with DS-lite and LSN

Related Content

suppressed messages in ltm log

Suppress MFA for a period of time

Distributed caching of authentication requests with NGINX Ingress Controller

Logging DNS Requests

Mitigating the Unknown