Attempted XSS Attack - Access Denied
Information

Summary:
After attempting to log in via ESP, an access denied error page can be displayed to the user. An error log message similar to "Attempted XSS attack" is recorded in the ESP Extended Logs. This article explains why this can happen and how to resolve it when it does.

Environment:
Product: LoadMaster
Version: Any
Platform: Any
Application: Any

Question/Problem Description:
What to do when an access denied response is returned when logging in via ESP and "Attempted XSS attack" errors are present in the ESP Extended Logs.

Steps to Reproduce:

Error Message:
Attempted XSS attack on <VS IP Address>:<VS_port> from <Client IP Address>:<client_port> (dtcode 6)

Defect Number:

Enhancement Number:

Cause:
This scenario most often happens when the ESP login page is refreshed, which generates multiple login cURL requests. The error message means that the LoadMaster received the POST request from the login page with a different URL than the one it was expecting.

Resolution:
If the issue does not clear by itself, it is recommended to perform a reboot or failover of the LoadMaster. To prevent it from recurring, refrain from refreshing the ESP login page in the web browser, as the LoadMaster detects this as a replay attack.

Workaround:

Notes:
ESP Extended Logs: https://support.kemptechnologies.com/hc/en-us/articles/14337601552909-ESP-Logs
ESP Guide: https://support.kemptechnologies.com/hc/en-us/articles/14337457839757-Edge-Security-Pack-ESP-
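Before rebooting or failing over, it helps to confirm from the ESP Extended Logs that the events match the login-page refresh pattern described above (a short burst from one client) rather than a single client hitting it repeatedly over a long period. The following is an added example, not Kemp code; it parses the error message format quoted in this article and groups events per client IP. The timestamp and host/tag fields ahead of the message are an assumed syslog-style prefix, and the sample lines are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Message text from the article; the leading timestamp/host/tag fields are an assumed syslog-style prefix.
XSS_RE = re.compile(
    r"^(?P<ts>\S+) .*?Attempted XSS attack on "
    r"(?P<vs_ip>[0-9a-fA-F.:]+):(?P<vs_port>\d+) from "
    r"(?P<client_ip>[0-9a-fA-F.:]+):(?P<client_port>\d+) \(dtcode (?P<dtcode>\d+)\)"
)
TIMESTAMP_FORMAT = "%Y-%m-%dT%H:%M:%S"

def parse_events(lines):
    """Return one dict per 'Attempted XSS attack' line; other lines are skipped."""
    events = []
    for line in lines:
        m = XSS_RE.match(line)
        if m:
            events.append({"ts": datetime.strptime(m["ts"], TIMESTAMP_FORMAT),
                           "vs": f"{m['vs_ip']}:{m['vs_port']}",
                           "client_ip": m["client_ip"],
                           "dtcode": int(m["dtcode"])})
    return events

def classify_clients(events, window=timedelta(seconds=10), burst_min=2):
    """Group events by client IP; 'refresh-burst' means at least `burst_min`
    events from one client inside `window` (the login-page refresh pattern the
    article describes), 'isolated' means the client triggered it only once."""
    by_client = defaultdict(list)
    for ev in events:
        by_client[ev["client_ip"]].append(ev)
    result = {}
    for ip, evs in by_client.items():
        evs.sort(key=lambda e: e["ts"])
        burst = any(evs[i + burst_min - 1]["ts"] - evs[i]["ts"] <= window
                    for i in range(len(evs) - burst_min + 1))
        result[ip] = {"count": len(evs),
                      "vs": sorted({e["vs"] for e in evs}),
                      "label": "refresh-burst" if burst else "isolated"}
    return result

# Constructed sample lines in the article's message format (not real logs).
SAMPLE_LOG = """\
2024-05-01T09:12:01 lm esp: Attempted XSS attack on 10.0.0.5:443 from 192.0.2.20:51234 (dtcode 6)
2024-05-01T09:12:02 lm esp: Attempted XSS attack on 10.0.0.5:443 from 192.0.2.20:51235 (dtcode 6)
2024-05-01T09:12:03 lm esp: Attempted XSS attack on 10.0.0.5:443 from 192.0.2.20:51236 (dtcode 6)
2024-05-01T09:40:17 lm esp: unrelated log line
2024-05-01T11:03:44 lm esp: Attempted XSS attack on 10.0.0.5:443 from 198.51.100.7:40002 (dtcode 6)
""".splitlines()
```

Running `classify_clients(parse_events(SAMPLE_LOG))` labels 192.0.2.20 as a refresh burst on a single VS and 198.51.100.7 as an isolated event.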