
Attempted XSS Attack - Access Denied





After a user attempts to log in via ESP, an access denied error page can be displayed. An error log message similar to "Attempted XSS attack" is recorded in the ESP Extended Logs. This article explains why this can happen and how to work around it when it does.


Product: LoadMaster

Version: Any

Platform: Any

Application: Any

Question/Problem Description:

What to do when an access denied response is returned when logging in via ESP and "Attempted XSS attack" errors are present in the ESP Extended Logs.

Steps to Reproduce:  
Error Message: Attempted XSS attack on <VS IP Address>:<VS_port> from <Client IP Address>:<client_port> (dtcode 6)
Defect Number:  
Enhancement Number:  
Cause: This scenario mostly happens when the ESP login page is refreshed, which generates multiple login cURL requests. The error message means that the LoadMaster received the POST request from the login page with a different URL from the one it was expecting.
Resolution: If the issue does not clear by itself, a reboot/failover of the LoadMaster is recommended to resolve it. To prevent this from happening, refrain from refreshing the ESP login page in the web browser, because the LoadMaster detects this as a replay attack.

ESP Extended Logs:

ESP Guide:
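
To see which clients and Virtual Services the error relates to, the following added example (not from the Kemp article or product) tallies the error message shown above from exported log text. Only the message format comes from this article; the sample lines, their timestamp/host prefix, and the IPv4-only address matching are assumptions.

```python
import re
from collections import defaultdict

# Message format as given in the article. Whatever precedes it on a log line
# (timestamp, host, ...) is not assumed and is ignored. IPv4 only (assumption).
XSS_RE = re.compile(
    r"Attempted XSS attack on (?P<vs_ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<vs_port>\d+) "
    r"from (?P<client_ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<client_port>\d+) "
    r"\(dtcode (?P<dtcode>\d+)\)"
)

# Constructed sample lines: documentation addresses, invented line prefix.
SAMPLE_LOG = """\
2024-01-10T09:15:01 host1 Attempted XSS attack on 192.0.2.10:443 from 198.51.100.7:51122 (dtcode 6)
2024-01-10T09:15:02 host1 Attempted XSS attack on 192.0.2.10:443 from 198.51.100.7:51124 (dtcode 6)
2024-01-10T09:15:03 host1 some unrelated log entry
2024-01-10T09:15:04 host1 Attempted XSS attack on 192.0.2.10:443 from 198.51.100.7:51130 (dtcode 6)
2024-01-10T11:42:17 host1 Attempted XSS attack on 192.0.2.10:443 from 203.0.113.25:40210 (dtcode 6)
"""

def parse_events(text):
    """Return one dict per matching line; non-matching lines are skipped."""
    return [m.groupdict() for m in map(XSS_RE.search, text.splitlines()) if m]

def summarize(events):
    """Count events and distinct client ports per (virtual service, client IP)."""
    groups = defaultdict(lambda: {"count": 0, "client_ports": set()})
    for e in events:
        key = (f"{e['vs_ip']}:{e['vs_port']}", e["client_ip"])
        groups[key]["count"] += 1
        groups[key]["client_ports"].add(int(e["client_port"]))
    return dict(groups)

if __name__ == "__main__":
    for (vs, client), info in sorted(summarize(parse_events(SAMPLE_LOG)).items()):
        ports = len(info["client_ports"])
        print(f"{vs} <- {client}: {info['count']} event(s), {ports} source port(s)")
```

Several events from one client within a few seconds fit the page-refresh cause described above.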
