Fortinet Document Library

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:


Table of Contents

20000026

Meaning

HTTP Protocol Constraints violation.

 

 

Field name Description

log_id

20000026

See Log ID numbers.

main_type

HTTP Protocol Constraints

subtype

  • Header Length Violation
  • Header Line Violation
  • Body Length Violation
  • Content Length Violation
  • Parameter Length Violation
  • HTTP Request Length Violation
  • URL Parameter Length Violation
  • Illegal HTTP Version
  • Cookie Number Overflow
  • Request Header Line number Overflow
  • URL Parameter Number Overflow
  • Illegal Hostname
  • Range Header Violation
  • Illegal HTTP Method
  • Illegal Content Length
  • Illegal Content Type
  • Illegal Response Code
  • Missing POST Content Type
  • Body Parameter Length Violation
  • Header Name Length Violation
  • Header Value Length Violation
  • NULL Character in Parameter Name
  • NULL Character in Paramter Value
  • Illegal Header Name
  • Illegal Header Value
  • HTTP Request Filename Violation
  • Web Socket Protocol
  • Illegal Frame Type
  • Illegal Frame Flag
  • Illegal Connection Preface
  • HTTP/2 Header Table Size Overflow
  • HTTP/2 Concurrent Stream Number Overflow
  • HTTP/2 Initial Window Size Overflow
  • HTTP/2 Frame Size Overflow
  • HTTP/2 Header List Overflow
  • Illegal URL Parameter Name
  • Illegal URL Parameter Value
  • URL Parameter Name Overflow
  • URL Parameter Value Overflow
  • NULL Character in URL
  • Illegal Character in URL
  • Redundant HTTP Header
  • Malformed URL
  • Illegal Chunk Size
  • HTTP Parsing Error
  • HTTP Duplicated Parameter Name
  • Odd and Even Space Attack

 

Examples

v007xxxxdate=2019-08-03 time=10:16:50 log_id=20000026 msg_id=000000225718 device_id=FV-1KE4417900002 vd="root" timezone="(GMT+8:00)Beijing,ChongQing,HongKong,Urumgi" timezone_dayst="GMTa-8" type=attack pri=alert main_type="HTTP Protocol Constraints" sub_type="Header Name Length Violation" trigger_policy="" severity_level=High proto=tcp service=http action=Alert_Deny policy="FWB_Policy_Default_AutoTest" src=10.200.10.100 src_port=61358 dst=10.101.0.1 dst_port=80 http_method=get http_url="/" http_host="fortinet.fortiweb.com" http_agent="python-for-fortiweb" http_session_id=none msg="[policy_name=FWB_protection_profile] : Header Name Length Exceeded: (The HTTP header name length (51) exceeded the maximum allowed - 50)" signature_subclass="N/A" signature_id="N/A" signature_cve_id="N/A" srccountry="Reserved" content_switch_name="none" server_pool_name="FWB_server_pool" false_positive_mitigation="none" user_name="Unknown" monitor_status="Disabled" http_refer="none" http_version="1.x" dev_id="none" threat_weight=10 history_threat_weight=0 threat_level=Medium ftp_mode="N/A" ftp_cmd="N/A" cipher_suite="none" ml_log_hmm_probability=0.000000 ml_log_sample_prob_mean=0.000000 ml_log_sample_arglen_mean=0.000000 ml_log_arglen=0 ml_svm_log_main_types=0 ml_svm_log_match_types="none" ml_svm_accuracy="none" ml_domain_index=0 ml_url_dbid=0 ml_arg_dbid=0 ml_allow_method="none" owasp_top10="A6:2017-Security Misconfiguration"

20000026

Meaning

HTTP Protocol Constraints violation.

 

 

Field name Description

log_id

20000026

See Log ID numbers.

main_type

HTTP Protocol Constraints

subtype

  • Header Length Violation
  • Header Line Violation
  • Body Length Violation
  • Content Length Violation
  • Parameter Length Violation
  • HTTP Request Length Violation
  • URL Parameter Length Violation
  • Illegal HTTP Version
  • Cookie Number Overflow
  • Request Header Line number Overflow
  • URL Parameter Number Overflow
  • Illegal Hostname
  • Range Header Violation
  • Illegal HTTP Method
  • Illegal Content Length
  • Illegal Content Type
  • Illegal Response Code
  • Missing POST Content Type
  • Body Parameter Length Violation
  • Header Name Length Violation
  • Header Value Length Violation
  • NULL Character in Parameter Name
  • NULL Character in Paramter Value
  • Illegal Header Name
  • Illegal Header Value
  • HTTP Request Filename Violation
  • Web Socket Protocol
  • Illegal Frame Type
  • Illegal Frame Flag
  • Illegal Connection Preface
  • HTTP/2 Header Table Size Overflow
  • HTTP/2 Concurrent Stream Number Overflow
  • HTTP/2 Initial Window Size Overflow
  • HTTP/2 Frame Size Overflow
  • HTTP/2 Header List Overflow
  • Illegal URL Parameter Name
  • Illegal URL Parameter Value
  • URL Parameter Name Overflow
  • URL Parameter Value Overflow
  • NULL Character in URL
  • Illegal Character in URL
  • Redundant HTTP Header
  • Malformed URL
  • Illegal Chunk Size
  • HTTP Parsing Error
  • HTTP Duplicated Parameter Name
  • Odd and Even Space Attack

 

Examples

v007xxxxdate=2019-08-03 time=10:16:50 log_id=20000026 msg_id=000000225718 device_id=FV-1KE4417900002 vd="root" timezone="(GMT+8:00)Beijing,ChongQing,HongKong,Urumgi" timezone_dayst="GMTa-8" type=attack pri=alert main_type="HTTP Protocol Constraints" sub_type="Header Name Length Violation" trigger_policy="" severity_level=High proto=tcp service=http action=Alert_Deny policy="FWB_Policy_Default_AutoTest" src=10.200.10.100 src_port=61358 dst=10.101.0.1 dst_port=80 http_method=get http_url="/" http_host="fortinet.fortiweb.com" http_agent="python-for-fortiweb" http_session_id=none msg="[policy_name=FWB_protection_profile] : Header Name Length Exceeded: (The HTTP header name length (51) exceeded the maximum allowed - 50)" signature_subclass="N/A" signature_id="N/A" signature_cve_id="N/A" srccountry="Reserved" content_switch_name="none" server_pool_name="FWB_server_pool" false_positive_mitigation="none" user_name="Unknown" monitor_status="Disabled" http_refer="none" http_version="1.x" dev_id="none" threat_weight=10 history_threat_weight=0 threat_level=Medium ftp_mode="N/A" ftp_cmd="N/A" cipher_suite="none" ml_log_hmm_probability=0.000000 ml_log_sample_prob_mean=0.000000 ml_log_sample_arglen_mean=0.000000 ml_log_arglen=0 ml_svm_log_main_types=0 ml_svm_log_match_types="none" ml_svm_accuracy="none" ml_domain_index=0 ml_url_dbid=0 ml_arg_dbid=0 ml_allow_method="none" owasp_top10="A6:2017-Security Misconfiguration"