Technical Forum
Ask questions. Discover Answers.
cancel
Showing results for 
Search instead for 
Did you mean: 

unknown method in request: How to suppress events / logs?

misch43
Nimbostratus
Nimbostratus

Hi,

 

we have a lot of "unknown method" requests caused by some automated scanner sending: "PRI * HTTP/2".

As far as I read the docs, these requests are not specific harmful.

How can we block these requests without generating an event, reassign a different violation rating or suppress displaying it in the Event Logs -> Application -> requests?

 

Michael

 

 

 

3 REPLIES 3

Omar2
Cirrus
Cirrus

Hello Michael,

If your Policy is in blocking mode and you select alarm and block settings for "illegal method" as in attached screenshot and the method your scanner is using on the request is not in the allowed method list as in screenshot, Your request will be blocked and you will have a log with a violation "Illegal method".

But, You can bypass your WAF for the scanner IP and select not to block any request generated from it by configuring the scanner IP under  Application Security : IP Addresses : IP Address Exceptions and also select the option Block this IP Address "Never block this IP" and also if you don't want to see any logs from this IP you can select the option "Never log traffic from this IP Address" to be enabled.

 

Omar2
Cirrus
Cirrus
 

Omar2
Cirrus
Cirrus