APAR status
Closed as program error.
Error description
Both APAR:IY42077 and this one relate to WebSEAL's support for protecting Web servers against cross-site scripting attacks. The problem is "bad requests are not recorded in request.log" When the filtering does work, there's no entry written to the log to indicate that anything was filtered. Michael T. at the Gold Coast confirmed that these requests should definitely be logged, especially in this case, as otherwise there's no way to determine who's trying to attack you.
Local fix
Problem summary
cross site scripting bad requests are not recorded in request.log.
Problem conclusion
Fixed in 3.8-PWS-FP15.
Temporary fix
Comments
APAR Information
APAR number
IY50409
Reported component name
TIV POL DIR 3.8
Reported component ID
5698PDD11
Reported release
380
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt
Submitted date
2003-10-31
Closed date
2003-10-31
Last modified date
2003-10-31
APAR is sysrouted FROM one or more of the following:
IY50407
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
TIV POL DIR 3.8
Fixed component ID
5698PDD11
Applicable component levels
R380 PSY
UP
[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSPREK","label":"Tivoli Access Manager for e-business"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"380","Edition":"","Line of Business":{"code":"LOB24","label":"Security Software"}}]
Document Information
Modified date:
31 October 2003