NimbostratusHi,
we have a lot of "unknown method" requests caused by some automated scanner sending: "PRI * HTTP/2".
As far as I read the docs, these requests are not specific harmful.
How can we block these requests without generating an event, reassign a different violation rating or suppress displaying it in the Event Logs -> Application -> requests?
Michael
CirrusHello Michael,
If your Policy is in blocking mode and you select alarm and block settings for "illegal method" as in attached screenshot and the method your scanner is using on the request is not in the allowed method list as in screenshot, Your request will be blocked and you will have a log with a violation "Illegal method".
But, You can bypass your WAF for the scanner IP and select not to block any request generated from it by configuring the scanner IP under Application Security : IP Addresses : IP Address Exceptions and also select the option Block this IP Address "Never block this IP" and also if you don't want to see any logs from this IP you can select the option "Never log traffic from this IP Address" to be enabled.
CirrusCirrus
