Rules: HTTP CloudFlare Protocol Violation or Empty Response

Description

Error code 520 is used as a catch-all status when the origin server returns something that is unexpected, not tolerated, or not interpreted. This can include protocol violations and empty responses.

Additional Details

Detail	Value
Type	Match
Category	Unknown/Other
Apply Risk to Entities	device_ip, srcDevice_ip, dstDevice_ip, device_hostname, srcDevice_hostname, dstDevice_hostname
Signal Name	HTTP CloudFlare Protocol Violation or Empty Response
Summary Expression	HTTP 502 Response from IP: {{srcDevice_ip}} to IP: {{dstDevice_ip}}
Score/Severity	Static: 1
Enabled by Default	False
Prototype	False
Tags	_mitreAttackTactic:TA0001, _mitreAttackTechnique:T1190

Vendors and Products

Amazon AWS - CloudFront
Bro - Bro
Cisco Systems - Umbrella
Cloudflare - Logpush
Microsoft - Azure
Sophos - UTM 9

Fields Used

Origin	Field
Normalized Schema	device_hostname
Normalized Schema	device_ip
Normalized Schema	dstDevice_hostname
Normalized Schema	dstDevice_ip
Normalized Schema	http_response_statusCode
Normalized Schema	srcDevice_hostname
Normalized Schema	srcDevice_ip

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

LEGACY-S00040.md

LEGACY-S00040.md

Rules: HTTP CloudFlare Protocol Violation or Empty Response

Description

Additional Details

Vendors and Products

Fields Used

Files

LEGACY-S00040.md

Latest commit

History

LEGACY-S00040.md

File metadata and controls

Rules: HTTP CloudFlare Protocol Violation or Empty Response

Description

Additional Details

Vendors and Products

Fields Used