Hi Megan,

960032 checks for "supposed legal" HTTP requests i.e. using just GET, POST, OPTIONS, HEAD methods which actually are a superset of the methods (GET) used to access file.php using a normal browser session.

IMHO it should not be disabled: it will be helpful to look at the logs to see what was the method(s) used to access to that URL in order of being able to identify the reason why your supposed users are triggering such rule e.g. really a legal request or e.g. sort of scanning.

HTH,

Matteo