LFI and RFI attacks - how to identify?

LFI Detection
To prevent LFI (Local File Inclusion) attacks, Polaris attempts to detect whether a malicious user is trying to retrieve a file local to an organization's web server that they should not have access to.

RFI Detection
When detecting RFI (Remote File Inclusion), Polaris attempts to detect whether a malicious user is trying to include a remote resource in the web application, where it will then be executed.

In both types of attack, successful exploitation can lead to the web application and/or server being compromised, with undesirable consequences.

Polaris determines whether a request is malicious by aggregating the scores of multiple parameters, including but not limited to a combination of rule, detection, and metric scores, which are then fed into a machine learning algorithm.

Polaris also attempts to reduce and eliminate false positives by applying a dynamic score to the request, request origin, and requested URI so that only actual threats are flagged for prevention or subsequent investigation.

Currently, Polaris uses the OWASP ModSecurity Core Rule Set to identify injected parts of the query. 
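A simplified sketch of the aggregated scoring described above, as an added example (not Polaris's code and not the actual Core Rule Set rules): each check adds a weight to the request, and the request is flagged only when the total reaches a threshold. The patterns, weights, threshold, host names and sample URLs are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

THRESHOLD = 5  # assumed flagging threshold; all weights below are assumptions too
TRAVERSAL = re.compile(r"(?:^|[\\/])\.\.(?:[\\/]|$)")
SENSITIVE = re.compile(r"etc/(?:passwd|shadow)|proc/self/environ|win\.ini", re.I)
REMOTE = re.compile(r"^\s*(?:https?|ftp)://(?:[^/?#@]*@)?([^/?#:\s]+)", re.I)
IP_HOST = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")

def decode(value, rounds=3):
    """Undo nested percent-encoding (e.g. %252F) before matching."""
    for _ in range(rounds):
        value = unquote(value)
    return value

def score_request(url, site_host):
    """Return (total score, findings) for the query parameters of one URL."""
    findings = []
    for name, raw in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        value = decode(raw)
        if TRAVERSAL.search(value):
            findings.append(("lfi-path-traversal", name, 5))
        if SENSITIVE.search(value):
            findings.append(("lfi-sensitive-file", name, 5))
        m = REMOTE.match(value)
        host = m.group(1).lower() if m else None
        if host and host != site_host.lower():
            # An off-domain URL alone is weak evidence (redirects, callbacks).
            findings.append(("rfi-off-domain-url", name, 3))
            if IP_HOST.match(host):
                findings.append(("rfi-ip-literal-host", name, 3))
            if value.rstrip().endswith("?"):
                findings.append(("rfi-trailing-question-mark", name, 2))
    return sum(weight for _, _, weight in findings), findings

def classify(url, site_host):
    return "flag" if score_request(url, site_host)[0] >= THRESHOLD else "pass"

# Constructed sample requests (not real traffic).
SAMPLES = [
    "https://shop.example/index.php?page=..%252F..%252Fetc%252Fpasswd",
    "https://shop.example/index.php?page=http://203.0.113.7/inc.txt?",
    "https://shop.example/go?next=https://partner.example/landing",
    "https://shop.example/dl?file=report..final.pdf",
]
if __name__ == "__main__":
    for sample in SAMPLES:
        print(classify(sample, "shop.example"), sample)
```

The third sample scores 3 and passes: a single weak signal stays below the threshold, which is how aggregation keeps ordinary redirects from being flagged.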
