
Thread: Data Browser blocked when optimized by Riverbed

  1. #1

    Data Browser blocked when optimized by Riverbed

    Has anyone run into Data Browser or any other part of JDE blocking or invalidating a user session because of the tag Riverbeds place in the HTML? Working with a customer that claims, based on the JDE and F5 logs, that the Riverbed X-RBT-Optimized-By tag that is inserted by default into the HTTP header of any session they optimize is preventing users from accessing the Data Browser application in JDE.

    [SEVERE][HTML88_PD920_8150][RUNTIME]***Security Alert***
    Malicious script attack has been detected. The user session will be invalidated.
    The parameter Name is:e1.service. The scripts are:ResourceCanonicalsJS"></script><script type="text/javascript" language="JavaScript" src="/jde/share/js/e1.js"></script><script>_e1URLFactory = new E1URLFactory('Servlet','/jde/','/jde/URLBuilderService.mafService?e1UserActInfo=false

    I'm trying to find out if this is simply due to a configuration setting in JDE or the F5. I see plenty of blogs talking about optimizing JDE via Riverbed and other products and none talk about needing to do anything special. Any advice available would be appreciated.
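
A triage sketch for the alert entries quoted in the post above, added here as an example (not code from the thread or from Oracle): it groups the alerts by parameter name and lists any script sources that do not sit under the application's context root. The `/jde/` context root is taken from the logged entry; the second sample entry, its parameter name and its URL are constructed.

```python
import re
from collections import defaultdict

CONTEXT_ROOT = "/jde/"  # assumption: context root seen in the logged entry

# Constructed sample: the first entry is abridged from the log quoted in the
# post; the second entry (parameter name and URL) is invented for illustration.
SAMPLE_LOG = """\
[SEVERE][HTML88_PD920_8150][RUNTIME]***Security Alert***
Malicious script attack has been detected. The user session will be invalidated.
The parameter Name is:e1.service. The scripts are:ResourceCanonicalsJS"></script><script type="text/javascript" src="/jde/share/js/e1.js"></script><script>_e1URLFactory = new E1URLFactory('Servlet','/jde/'
[SEVERE][HTML88_PD920_8150][RUNTIME]***Security Alert***
Malicious script attack has been detected. The user session will be invalidated.
The parameter Name is:sampleParam. The scripts are:"><script src="https://cdn.example.invalid/a.js"></script>
"""

HEAD_RE = re.compile(r"^\[(\w+)\]\[([^\]]+)\]\[([^\]]+)\]\*\*\*Security Alert\*\*\*")
PARAM_RE = re.compile(r"The parameter Name is:(\S+?)\. The scripts are:(.*)$")
SRC_RE = re.compile(r"""src=["']([^"']+)["']""", re.I)

def parse_alerts(text):
    """Return one dict per alert: instance, parameter name, script src values."""
    lines = [ln.strip() for ln in text.splitlines()]
    alerts = []
    for i, line in enumerate(lines):
        head = HEAD_RE.match(line)
        if not head:
            continue
        for follow in lines[i + 1:i + 3]:  # parameter line follows the header
            hit = PARAM_RE.search(follow)
            if hit:
                srcs = SRC_RE.findall(hit.group(2))
                foreign = [s for s in srcs if not s.startswith(CONTEXT_ROOT)]
                alerts.append({"instance": head.group(2), "param": hit.group(1),
                               "srcs": srcs, "foreign": foreign})
                break
    return alerts

def summarize(alerts):
    """Group by parameter: alert count plus script sources outside CONTEXT_ROOT."""
    out = defaultdict(lambda: {"count": 0, "foreign": set()})
    for a in alerts:
        out[a["param"]]["count"] += 1
        out[a["param"]]["foreign"].update(a["foreign"])
    return dict(out)

if __name__ == "__main__":
    for param, info in summarize(parse_alerts(SAMPLE_LOG)).items():
        print(param, info["count"], sorted(info["foreign"]) or "none outside " + CONTEXT_ROOT)
```

An entry whose only script sources are the application's own files suggests the filter is reacting to the page's own markup being echoed back in a parameter; inline script with no `src` attribute is not classified here and still needs reading by hand.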

  2. #2
    Alex_Pastuhov (Senior Member; joined Jul 2001; Australia; 1,747 posts)
    Incidentally, I just recently came across JDE components that look through the comms for any malicious stuff, which I found interesting. The same components do additional processing, so disabling it may cause other issues, but I believe they can be disabled.

    But no, I do not believe there are any such settings available to toggle this, so it's not a config issue. And disabling these components would probably not be a solution supported by Oracle.

    And I suspect there may be more to it than just this one header, because it does not appear to be looking for it specifically. Although admittedly it's not clear what it is exactly it's looking for, so who can say. This could actually be a case of something injecting something malicious into the comms. It's probably worth looking into this deeper.

    To get a clean supported solution, you can try logging this with Oracle and see what they can do on their side...
    Regards,
    Alexander Pastuhov
    http://www.everestsoftint.com/

  3. #3
    I just opened a ticket for a client as I'm seeing it everywhere. Oracle's not being very helpful as of yet and pointing to the same old doc id for the original "bad char" pasting. That said, I'm about 90% sure it's load balancer related and some users reported it happening on log on. I have figured out how to recreate it with about 30% success. Let a session time out, and just try and log back in and it kicks back to login screen and throws the malicious script detected in the log. I'm assuming it's because the session cookie times out and they "switch" servers, and whatever is injected in the tag is now bad.

    I also had a user report that it happened creating a new grid format in IE 11, but I haven't been able to replicate that one at all.

  4. #4
    If Oracle isn't being helpful, is there any hope that this will get fixed any time soon?
    Hi!

  5. #5
    New Member (joined Nov 2006; British Columbia, Canada; 8 posts)
    I am seeing the same items in my logs, but have not had any reports of errors or issues.
    We are not using any kind of load balancer, or even using databrowser. Way too many errors for the users to be using data browser.

    I have had a user complain about being unable to make a grid width change. I will have to try to see what happens after a timeout.
    Robert Woods

  6. #6
    rmkjde (New Member; joined May 2013; Newton Iowa; 10 posts)
    TFZ - thanks for the details, I know I've read this thread a few times in the last couple months!

    I have replicated the situation where logging back into an E1 9.2 (9.2.2.6) session that has timed out using IE 11 does create the Malicious Script Attack warnings.
    Once we went to 9.2 we were also seeing these Malicious Script "warnings" and have done hours of research, testing, table cleanup with Media Objects, testing... time consuming.
    Our managed service/hosting provider also put in an SR and has gotten the typical responses, as others also have in this thread. I will document on our SR and with our MS/HP.

    Informational details:
    Our sessions were going direct to an IP JAS server (instructing user departments which link to use) and began seeing issues.
    We switched to a load balancer and this increased the issue! Plus when on load balancer we were getting users logged into multiple JAS sessions, however, users did not have an initial browser session because of the Invalid State error while user was actually actively working in E1. We switched back to straight IP link and the duplicate sessions have gone away (except for user error), but the Malicious Script "warning" is still happening.

    Thanks all for the input and details.
    Last edited by rmkjde; 06-05-2019 at 12:39 PM. Reason: Took out comment from my post about signature
    Rhonda Knopf
    The Vernon Company
    IT Director
    E1 9.2 TR 9.2.2.6 OS400 7.2 DB2 WebLogic 12c Version 12.2.1.3.0 Client Windows 10

JDELIST is NOT affiliated with JD Edwards® & Company, Oracle or Peoplesoft. Contents of this site are neither endorsed nor approved by JD Edwards® & Company and, or Oracle.