Solved
HTTP.Server.Authorization.Buffer.Overflow question
Hi,
We are getting the following alert on out FG50E:
The following intrusion was observed: "HTTP.Server.Authorization.Buffer.Overflow". date=2023-03-21 time=08:30:46 devname=Fortigate_FG50E devid=FGT50E3U17032297 logid="0419016384" type="utm" subtype="ips" eventtype="signature" level="alert" vd="root" eventtime=1679401846773064861 tz="-0400" severity="critical" srcip=10.1.1.216 srccountry="Reserved" dstip=20.62.128.25 srcintf="lan" srcintfrole="lan" dstintf="wan1" dstintfrole="wan" sessionid=121219710 action="dropped" proto=6 service="HTTP" policyid=3 attack="HTTP.Server.Authorization.Buffer.Overflow" srcport=57766 dstport=443 url="/artifactory/api/system/ping" direction="outgoing" attackid=12351 profile="default" ref="http://www.fortinet.com/ids/VID12351" incidentserialno=1166735929 msg="web_server: HTTP.Server.Authorization.Buffer.Overflow," crscore=50 craction=4096 crlevel="critical"
The user in question is getting this using Microsoft's Power Apps. It looks to be benign. The destination is a Microsoft site.
Is there a way to whitelist this? I'm fairly new to Fortinet/Fortigate.Also, please let me know if more info is needed.