APAR status
Closed as Permanent restriction.
Error description
Received the following error when trying to launch Cognos reports from the Spectrum Control web UI menu options under Reporting. The Cognos URL could not be opened. DPR-ERR-2079 Firewall Security Rejection. Your request was rejected by the security firewall. CAF rejection details area available in the log. Please contact your administrator. The following failures are seen in cogserver.log. 155.110.60.119:16310 820 2017-12-06 11:04:35.594 -5 WebContainer : 1 caf 2047 1 Audit.dispatcher.caf Request Failure third party XSS check failure: query string => b_action=xts.run&m=portal%2Fcc.xts&m_path=%2Fcontent%2Ffolder%5B %40name%3D%27IBM+Spectrum+Control+Predefined+Reports%27%5D 155.110.60.119:16310 820 2017-12-06 11:04:35.594 -5 WebContainer : 1 caf 2047 1 Audit.dispatcher.caf Request Failure third party XSS check failure: URL decoded query string => b_action=xts.run&m=portal/cc.xts&m_path=/content/folder[@name='I BM Spectrum Control Predefined Reports'] 155.110.60.119:16310 820 2017-12-06 11:04:35.594 -5 WebContainer : 1 caf 2047 1 Audit.dispatcher.caf Request Failure third party XSS check failure: invalid character => ' This occurs when the settings to enable Cognos Application Firewall (CAF) and third party XSS checking are enabled in Cognos Configuration. The Cognos Application Firewall should be disabled by default after installation with Spectrum Control.
Local fix
Disable the Cognos Application Firewall settings in Cognos Configuration: - Enable CAF validation? = False - Is third party XSS checking enabled = False After making the changes, do a File > Save and then restart the services.
Problem summary
**************************************************************** * USERS AFFECTED: * * IBM Spectrum Control 5.2.x users launching Cognos Reports * * component from within the Spectrum Control GUI * **************************************************************** * PROBLEM DESCRIPTION: * * When launching Cognos Reporting from the Spectrum Control * * GUI you may encounter the following error: * * * * The Cognos URL could not be opened. * * DPR-ERR-2079 Firewall Security Rejection. Your request was * * rejected by the security firewall. * * CAF rejection details area available in the log. Please * * contact your administrator. * * * * This is caused by the Cognos Application Firewall (CAF), and * * it's function is to prevent URL redirection attacks in * * Cognos. * * * * If this problem is encountered you will need to configure * * Cognos Application Firewall (CAF) to allow access. * **************************************************************** * RECOMMENDATION: * **************************************************************** This problem pertains to IBM Spectrum Control 5.2.0 - 5.2.15.2
Problem conclusion
To enable and configure access of Cognos Application Firewall (CAF), review the IBM knowledge center for "Setting the Cognos Application Firewall (CAF) for Browser Security" https://www.ibm.com/support/knowledgecenter/en/SSFUEU_7.3.0/com. ibm.swg.ba.cognos.administrators_guide.7.3.0.doc/t_adm_set_the_c ognos_app_firewall_caf_for_browser_sec.html
Temporary fix
Comments
APAR Information
APAR number
IT23433
Reported component name
TPC ADVANCED
Reported component ID
5608TPCA0
Reported release
52D
Status
CLOSED PRS
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2017-12-08
Closed date
2018-02-05
Last modified date
2018-02-05
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Applicable component levels
[{"Business Unit":{"code":"BU029","label":"Software"},"Product":{"code":"SSNECY","label":"Tivoli Storage Productivity Center Advanced"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"52D"}]
Document Information
Modified date:
24 June 2022