on 02-03-2010 7:13 PM
Hello,
I'm trying to send an XML request through an .jsp
It seems that a script within the XML message is detected as forbidden content.When I remove it-it works.
Where do I disable content filter?
Here is the error:
403 Access denied
You do not have the permissions to access this resource
-
Error: -13
Version: 7011
Component: HTTP_FILTER
Date/Time: Wed Feb 03 13:57:21 2010
Module: http_auth.c
Line: 597
Server: xxxxxxxxxxxxxx
Error Tag:
Detail: Content filter matched: Permission denied
This is on NW 7.1
Edited by: German Ramirez on Feb 3, 2010 8:15 PM -nw version added
Hello,
I am facing a similair problem.. Could you please explain how you solved it.
Thanks in advance,
John
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hello,
we have had the same problem and with the help of this forum entry we could solve this strange behaviour. In our case we wanted to use the "Test Message" tool within the Runtime Workbench (Component Monitoring -> Integration Engine). After pressing the "Send Message"-Button we got this error message.
You have to deactivate the Standard Authorization-Handler Content Filter within Transaction SMICM (Menu -> Goto -> HTTP-Plugin -> Authorization-Handler). After deactivation of this filter we could use the "Test Message" tool again.
Best Regards,
Lars
Just as information. This content filter is there to protect you against so called Cross side scripting attacks (XSS) that could compromise your system.
Before deactivating the filter I'd advise you to revisit the application that injects the script code in such a way and checke if this is really necessary.
If you deactivate this filter on app server level and if you don't have other countermeasures against XSS in your applications an attacker could use this to exploit your system.
SAP applications however, especially the ones based on Web Dynpro are protected against XSS by other measures than this filter.
But in any case you should know what to do if you deactive this filter on a productive system.
Hello Mathias,
I am also getting this error. Dactivating authorization handler solved the problem as workaround. In fact it's not a solution. It causes security issues as you wrote.
However in my case the file that I am posting is on the same BSP page in the same domain. I wonder why it's blocked as XSS attack. Additionally, I get this error for files larger than 5 MB.
Kind Regards,
Coşkun
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
So let me re-phrase: Trying to send xml msg using JSP to PI.?
Where r u getting this error? Is the message hitting PI server?
For XML, did u create the DT in PI or imported the XSD as external def.?
-SM
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
94 | |
11 | |
10 | |
9 | |
9 | |
7 | |
6 | |
5 | |
4 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.