Troubleshooting
Problem
When using XML Threat Protection, what are some typical log messages that may occur when the criteria is met?
Symptom
The log messages in this document are intended as a high level reference to the most common error messages associated with XML Threat Protection.
Single Message XML Denial of Service (XDoS) Protection
Maximum Message Size:
Single Message XML Denial of Service (XDoS) Protection
Maximum Message Size:
In this example, the XML request exceeds the Maximum Message Size.
Sample log messages:
20210415T223632.471Z [0x80c00008][multistep][error] mpgw(simple): tid(37248)[response][10.11.66.50] gtid(818644856078bff000009180): rule (simple_rule_12): Implied action Parsing input as XML. failed: Message too large
20210415T223632.471Z [0x00d30005][mpgw][error] mpgw(simple): tid(37248)[error][10.11.66.50] gtid(818644856078bff000009180): Message too large
Gateway parser limits:
In this example, the Attribute Limit is exceeded. Note that all parameters under the "Gateway Parser Limits" will issue a "XML parser limits exceeded" error message.
Sample log messages:
In this example, the Attribute Limit is exceeded. Note that all parameters under the "Gateway Parser Limits" will issue a "XML parser limits exceeded" error message.
Sample log messages:
20210415T223737.028Z [0x80e003aa][xmlparse][error] mpgw(simple): tid(39617)[response][10.11.66.50] gtid(818644856078c03100009ac1): attribute limit of 10 per element exceeded, aborting at offset 86 of http://10.88.0.2:4365/
20210415T223737.028Z [0x80c00008][multistep][error] mpgw(simple): tid(39617)[response][10.11.66.50] gtid(818644856078c03100009ac1): rule (simple_rule_12): Implied action Parsing input as XML. failed: attribute limit of 10 per element exceeded, aborting at offset 86 of http://10.88.0.2:4365/
20210415T223737.028Z [0x00030003][mpgw][error] mpgw(simple): tid(39617)[error][10.11.66.50] gtid(818644856078c03100009ac1): XML parser limits exceeded
Multiple Message XML Denial of Service (MMXDoS) Protection
In this example, the IP filter will reject requests that exceed 1 transaction per 5 seconds and the gateway filter rejects requests that exceed 1 transaction per 1 second. When MMXDoS Protection is configured, DataPower creates count monitor objects based on the parameters set.
In this example, the IP filter will reject requests that exceed 1 transaction per 5 seconds and the gateway filter rejects requests that exceed 1 transaction per 1 second. When MMXDoS Protection is configured, DataPower creates count monitor objects based on the parameters set.
monitor-count: simple-count-monitor-from-ip [up]
-------------------------------------------
admin-state enabled
message-type simple-message-type [up]
measure requests
source each-ip
header X-Client-IP
filter simple-count-monitor-from-ip-filter 5000 1 2 simple-monitor-action
distinct-sources 10000
monitor-count: simple-count-monitor-gateway [up]
-------------------------------------------
admin-state enabled
message-type simple-message-type [up]
measure requests
source all
header X-Client-IP
filter simple-count-monitor-gateway-filter 1000 1 2 simple-monitor-action
distinct-sources 10000
Sample log messages:
20210415T222042.990Z [0x80e00183][monitor][error] monitor-action(simple-monitor-action): tid(35169)[10.11.66.50]: Message monitor simple-count-monitor-gateway triggers filter simple-count-monitor-gateway-filter on credential 10.11.66.50
20210415T222042.990Z [0x80e0038e][monitor][debug] monitor-count(simple-count-monitor-gateway): tid(35169)[10.11.66.50]: Monitor simple-count-monitor-gateway matched.
20210415T222042.990Z [0x80e005fe][monitor][error] monitor-count(simple-count-monitor-gateway): tid(35169)[10.11.66.50]: Rejected by Count Monitor filter (Measure: Requests) simple-count-monitor-gateway.
20210415T222042.990Z [0x00a60002][mpgw][info] mpgw(simple): tid(35169)[error][10.11.66.50]: Message rejection
Document Location
Worldwide
[{"Type":"SW","Line of Business":{"code":"LOB77","label":"Automation Platform"},"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SS9H2Y","label":"IBM DataPower Gateway"},"ARM Category":[{"code":"a8m50000000CdxAAAS","label":"DataPower-\u003EDeveloper (DV)-\u003EService Config"}],"ARM Case Number":"","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Version(s)"}]
Log InLog in to view more of this document
This document has the abstract of a technical article that is available to authorized users once you have logged on. Please use Log in button above to access the full document. After log in, if you do not have the right authorization for this document, there will be instructions on what to do next.
Was this topic helpful?
Document Information
Modified date:
08 June 2021
UID
ibm16443975