IP banned several times

Roald Haahr Jensen

Posted on 28/09/2018 15:18:16

A customer running an intranet on a version 9.5.1 installation of DynamicWeb have their IP's banned on a regular basis for no apparent reason. Last time it happened to them was because one of them attempted to create a post through a regular frontend form. He got the following message in the log:

2018-10-05T14:34:08;Injection ban: Match on Besked_IT (((\%3C)|<|\[)((\%2F)|\/)*(?:script|url|a\W|img|svg|iframe)+.*?((\%3E)|>|\]))

What might be causing this, and how can it be solved? Preferably without allowing SQL injections.

/ Roald

Replies

Nicolai Pedersen

Posted on 28/09/2018 15:40:39

Hi Roald

From the log you can read that the content submitted in field "Besked_IT" was blocked by the regex you see.

To avoid that, you have 3 options

Disable SQL injection all over (NOT recommended)
Do not enable post of content like this
Add that field name to the positive list

Check out the docs: https://doc.dynamicweb.com/documentation-9/platform/advanced-settings/web-and-http#3518

BR Nicolai

Roald Haahr Jensen

Posted on 01/10/2018 10:09:46

Hi Nicolai

Thanks for the clarification.

Option 3 seems to be the option that suits this case better. Where do I find this positive list?

/ Roald

Nicolai Pedersen

Posted on 01/10/2018 10:37:31

Hi Roald

If you click the link to the manual and reads that, I am sure you can find it - look for the "ignore the following fields" field.

BR Nicolai

You must be logged in to post in the forum

Developer forum

IP banned several times

Replies