{"_id":"55dc837400a8811900c23126","githubsync":"","user":"55dc702d7fa0290d00559106","__v":4,"category":{"_id":"57d9b91cda17c30e003897f4","project":"55db8f8f1a91690d007ad975","__v":0,"version":"55db8f901a91690d007ad978","sync":{"url":"","isSync":false},"reference":false,"createdAt":"2016-09-14T20:54:52.969Z","from_sync":false,"order":5,"slug":"suspicious-behavior","title":"Suspicious Behavior"},"parentDoc":null,"project":"55db8f8f1a91690d007ad975","version":{"_id":"55db8f901a91690d007ad978","project":"55db8f8f1a91690d007ad975","__v":17,"createdAt":"2015-08-24T21:41:36.034Z","releaseDate":"2015-08-24T21:41:36.034Z","categories":["55db8f901a91690d007ad979","55db9856b3d6540d00886426","55dc751b00a8811900c230e3","55dc766255be9f21004ee250","55dc769200a8811900c230ed","55e4c701177b6e0d003330fa","55f4915caf0bc71900a53130","55f491b2be9c2b2100f0635d","560b22739c7be70d00100bd8","57488c53e8c6a420000b729c","574cefd95953e20e00f40f9f","5798edfd7700d30e00ad250c","579ac88234b5fd0e00b9e140","57c81c6d690c200e0047b72e","57d9b8fbda17c30e003897f1","57d9b90e608ea00e00f358d8","57d9b91cda17c30e003897f4"],"is_deprecated":false,"is_hidden":false,"is_beta":false,"is_stable":true,"codename":"","version_clean":"1.0.0","version":"1.0"},"updates":[],"next":{"pages":[],"description":""},"createdAt":"2015-08-25T15:02:12.415Z","link_external":false,"link_url":"","sync_unique":"","hidden":false,"api":{"results":{"codes":[]},"settings":"","auth":"required","params":[],"url":""},"isReference":false,"order":7,"body":"HTTP codes in the 4xx range are indicative of a client error. Attackers will generate such errors when crawling a web site, a term used to describe the process of visiting each link on the site, including URLs of known common locations for web services.\n[block:api-header]\n{\n  \"type\": \"basic\",\n  \"title\": \"Mitigation\"\n}\n[/block]\nWithin a 5 minute window, if the user generates over thirty-three HTTP 4xx errors,  IMMUNIO will detect it, and if configured to do so will alert with the details on the dashboard.","excerpt":"","slug":"excessive-40xs","type":"basic","title":"Excessive HTTP 400s"}

Excessive HTTP 400s


HTTP codes in the 4xx range are indicative of a client error. Attackers will generate such errors when crawling a web site, a term used to describe the process of visiting each link on the site, including URLs of known common locations for web services. [block:api-header] { "type": "basic", "title": "Mitigation" } [/block] Within a 5 minute window, if the user generates over thirty-three HTTP 4xx errors, IMMUNIO will detect it, and if configured to do so will alert with the details on the dashboard.