x-403-status-by: dw.inj.check

Martijn Bokhove

Hi

Our customer uses a list of YouTube videos on the homepage of the webshop to show instructions to their customers.
Sometimes the frontend of the webshop is unavailable and it shows a 403 error.
The backend is still available. If we login and turn off the paragraph with the YouTube videos, the frontend becomes available again.

If we look at the response header, when there is a 403, it says that the dw.inj.check is rejecting the request and sends a 403.

The solution is running on DW version 8.4.1.21.
Does anyone have experience with this issue?

Gr
Martijn


Replies

 
Morten Bengtson

Somewhere, some "dangerous" values are being sent in the request form or query string. Dynamicweb will respond with an error code and might ban IPs as well.

You can either disable the SQL injection check (not recommended) or you can try to prevent these "dangerous" values from appearing in requests.

If you need more details about what is causing this problem then you can register your own email address and get notified whenever this error occurs.

 
Nicolai Høeg Pedersen

Hi Martijn

Morten is right. The problem with 403 is because one user (that would be the user IP) has submitted something to that page which has been caught by the SQL-injection engine and that will block the user for 15 minutes. Disabling the paragraph has nothing to do with it - the user can just see the page because he is logged in to /Admin.

Blocked IPs are found in /Files/System/_BannedIps.txt

If you, as Morten says, sign up for the requests being caught, you can see what happens. I do not think it has anything to do with YouTube videos. In MC you can also take specific querystring parameters out of the check.

BR Nicolai

 
Martijn Bokhove

Hi Morten, Nicolai

Thanks for your reply.
Unfortunately we're not yet running on 8.5+, so I can't add my e-mail address to the module.

I have looked at the file _BannedIps.txt, there is only 1 IP visible.
The solution of our customer has a proxy between the shop and the web.
Could it be that the IP of the proxy is being rejected for 15 minutes?

Gr
Martijn

 
Nicolai Høeg Pedersen

Hi Martijn

If it is one of those proxies that sends all traffic to DW on one IP, that could be it... Then you should disable it. Because any site in the world has SQL attacks every now and then and if the proxy IP is the only one seen on the webserver, it will be banned.

Nicolai

 
Paulo Pinto

Hi,

We are experiencing the same issue with only one IP being blocked since we are using reverse proxies and load-balancers to handle the traffic.

Is it possible for the system to block the connection based on the IP sent on the x-forwarded-for HTTP header that is added by the load-balancer/proxy?

If this header is present then the blocking could occur only to the client IP and not to the load balancer IP that is global to all clients.

Tks
PPinto

 
Nicolai Høeg Pedersen

No, that is not possible...

But it is possible to let the proxy forward the original IP.
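
The exchange above turns on which address a ban is keyed on when every request arrives through one proxy. The following is an added example, not part of the thread and not Dynamicweb code: it contrasts keying the ban on the connecting address with keying it on the client address taken from X-Forwarded-For. The proxy subnet, the sample addresses and all function names are assumptions made for illustration.

```python
import ipaddress

# Constructed values: an assumed load-balancer subnet and documentation-range clients.
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/24")]
BAN_SECONDS = 15 * 60  # the 15-minute block mentioned in the thread


def is_trusted(addr):
    try:
        ip = ipaddress.ip_address(addr.strip())
    except ValueError:
        return False
    return any(ip in net for net in TRUSTED_PROXIES)


def resolve_client_ip(peer_addr, xff_header):
    """Hypothetical helper: pick the address a ban should be keyed on."""
    # Honour X-Forwarded-For only when the TCP peer is one of our proxies;
    # a client connecting directly can put anything in the header.
    if not is_trusted(peer_addr) or not xff_header:
        return peer_addr
    # Each proxy appends the address it saw, so walk right to left and stop at
    # the first hop that is not ours. Anything further left is client-supplied.
    for hop in reversed([h.strip() for h in xff_header.split(",")]):
        try:
            ipaddress.ip_address(hop)
        except ValueError:
            return peer_addr  # malformed chain: do not trust the header
        if not is_trusted(hop):
            return hop
    return peer_addr  # header listed only our own proxies


class BanList:
    def __init__(self):
        self._until = {}

    def ban(self, ip, now):
        self._until[ip] = now + BAN_SECONDS

    def is_banned(self, ip, now):
        return self._until.get(ip, 0) > now


def other_customer_blocked(use_header):
    """Flag 203.0.113.7 once, then check 198.51.100.20; both arrive via 10.0.0.5."""
    key = resolve_client_ip if use_header else (lambda peer, xff: peer)
    bans = BanList()
    bans.ban(key("10.0.0.5", "203.0.113.7"), now=0)
    return bans.is_banned(key("10.0.0.5", "198.51.100.20"), now=60)
```

Keyed on the connecting address, one flagged request blocks every visitor behind the proxy; keyed on the resolved address, only the flagged client is blocked.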

 
Hans Ravnsfjall

Hi Nicolai

We also have this issue with a customer, and the email notification does not work on this version (I have notified helpdesk), so I cannot say what is going on.

But if I understand you correctly, if a large or relatively large amount of traffic comes from the same IP, this IP will end up in Bannedips.txt? It doesn't have to be SQL injection?

If so, how much traffic would trigger a banned IP?

It is quite critical for our customer that we get this fixed ASAP.

br

Hans

 
Nicolai Pedersen

Hi Hans

Sorry for the late response. We have released the fix today so you receive the email and get more logging.

SQL injection will ONLY happen if SQL injection is detected. And it is 'ruthless'. One failure and you get banned for 24 hours. So it has to be something ugly.

So traffic amounts cannot get you banned.

BR Nicolai

 
