IBM Cognos Application Firewall
IBM Cognos Application Firewall protects IBM Cognos Web products from malicious data. The most common forms of malicious data are buffer overflows and cross-site scripting (XSS) attacks, either through script injection in valid pages or redirection to another Web site.
You can track firewall activity by checking the log file, which contains rejected requests. By default, log messages are stored in the install_location/logs/cogaudit.log file.
If you are using the collaboration features with IBM Connections, you must add the host name, domain, and port number on which IBM Connections is running to the Valid domains and hosts property for the Cognos Application Firewall.
All Cognos Application Firewall settings must be the same for all computers where IBM Cognos Application Tier Components are installed within a distributed environment. For example, if Cognos Application Firewall is disabled on some computers and enabled on others, unexpected behavior and product errors may result.
The following types of URLs are accepted by Cognos Application Firewall validation:
- fully qualified (absolute) URLs
  in the format protocol://host:port/path, where protocol is http or https and host is validated against the valid domain list
- URLs relative to the Web installation directory
  in the format /Web_installation_root/.* where Web_installation_root is the gateway Web directory, based on the ibmcognos alias that you configured on your Web server.
  For example,
  /ibmcognos/ps/portal/images/action_delete.gif
- specific allowed URLs, including the following (all case insensitive)
  about:blank
  JavaScript:window.close( )
  JavaScript:parent.close( )
  JavaScript:history.back( )
  parent.cancelErrorPage( )
  doCancel( )
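
The three acceptance rules above, written out as an added Python example (not IBM's implementation and not code from this page). Assumptions: valid-host entries are exact "host" or "host:port" strings, whitespace inside the parentheses of the allowed literals is ignored, and the function name, parameters and host names are constructed for illustration.

```python
from urllib.parse import urlsplit

# Fixed allow-list copied from the list above; compared case-insensitively.
# Assumption: whitespace inside the parentheses is not significant.
ALLOWED_LITERALS = {
    "about:blank",
    "javascript:window.close()",
    "javascript:parent.close()",
    "javascript:history.back()",
    "parent.cancelerrorpage()",
    "docancel()",
}

def _norm(value):
    """Lower-case and drop all whitespace for the literal comparison."""
    return "".join(value.split()).lower()

def is_accepted(url, valid_hosts, web_root="ibmcognos"):
    """Return True if url matches one of the three accepted URL types.

    valid_hosts is a constructed stand-in for the "Valid domains and hosts"
    property; entries are "host" or "host:port" (assumed exact match).
    """
    if _norm(url) in ALLOWED_LITERALS:
        return True
    # Relative to the Web installation directory: /Web_installation_root/.*
    # A protocol-relative URL ("//host/...") does not match this prefix.
    if url.startswith("/" + web_root + "/"):
        return True
    try:
        parts = urlsplit(url)
        host, port = parts.hostname, parts.port
    except ValueError:  # malformed port or bracketed host
        return False
    if parts.scheme not in ("http", "https") or not host:
        return False
    # Compare the parsed host, never a string prefix, so that
    # "https://good.example@other.example/" is judged on other.example.
    allowed = {h.lower() for h in valid_hosts}
    return (host if port is None else f"{host}:{port}") in allowed

if __name__ == "__main__":
    hosts = ["connections.example.com:9443"]  # constructed sample entry
    for u in ("/ibmcognos/ps/portal/images/action_delete.gif",
              "https://connections.example.com:9443/files",
              "https://connections.example.com@other.example/"):
        print(u, "->", is_accepted(u, hosts))
```

The documented pattern /Web_installation_root/.* says nothing about dot segments, so this sketch does not normalise the path either; any code that serves the result should resolve it first.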