https://community.dynatrace.com/t5/Real-User-Monitoring/DoS-attack-violation-identified-when-using-x-dynatrace-field/m-p/175197#M3180 <P>I would recommend to have in consideration that to fully enable RUM, you must verify the configuration of your firewalls, proxies, and web servers and allow all required data to pass through. I leave the link to the article.</P><P><A href="https://www.dynatrace.com/support/help/how-to-use-dynatrace/real-user-monitoring/setup-and-configuration/web-applications/initial-configuration/firewall-constraints-for-rum/" target="_blank">https://www.dynatrace.com/support/help/how-to-use-dynatrace/real-user-monitoring/setup-and-configuration/web-applications/initial-configuration/firewall-constraints-for-rum/</A></P> Mon, 01 Nov 2021 05:14:01 GMT DanielS 2021-11-01T05:14:01Z https://community.dynatrace.com/t5/Real-User-Monitoring/DoS-attack-violation-identified-when-using-x-dynatrace-field/m-p/166529#M2755 <P>Hi,</P> <P>We are using the x-dynatrace header field to monitor the messages by injecting from the Dynatrace Agent. And some of the requests are blocked due to "Jackson data-bind BigDecimal DoS (Header)". In this case, the x-dynatrace field got value as below,<BR /><STRONG><EM><FONT size="2">X-dynaTrace: FW4;-428057869;14;-1830560483;6305125;0;1075664345;735;639a;1h0101c1d4d840c1e2f1f3f7e2e4d7f140404060a9804f20<FONT color="#FF0000">172e100000000</FONT>000000000000000000000000000000000000000004c533234375349503200433030302e4541492e4f524445525355425245535000;2h01;3h92e3dd1d;4h603565;5h01</FONT></EM></STRONG><BR />The above Highlighted value is the detected keyword for&nbsp;Jackson data-bind BigDecimal Denial of Service.</P> <P><SPAN>The F5 WAF blocks the request as it contains "e100000000" in the header value. This will be detected by F5 WAF rules as a DOS attack based on the CVE security flaws (<A href="https://nvd.nist.gov/vuln/detail/CVE-2018-1000873" target="_self">https://nvd.nist.gov/vuln/detail/CVE-2018-1000873</A>).</SPAN></P> <P>How can we skip generating the values with highlighted value?</P> <P>Is this common issue and what are the resolutions that we can try to fix this issue?</P> <P>What is the structure/format of x-dynatrace header? Is it possible to configure at OneAgent level?</P> Tue, 25 May 2021 13:58:58 GMT https://community.dynatrace.com/t5/Real-User-Monitoring/DoS-attack-violation-identified-when-using-x-dynatrace-field/m-p/166529#M2755 sriaravind 2021-05-25T13:58:58Z https://community.dynatrace.com/t5/Real-User-Monitoring/DoS-attack-violation-identified-when-using-x-dynatrace-field/m-p/167899#M2822 <P>I would recommend opening a support ticket on this so support is aware of the issue and can put a solution in across the platform</P> Thu, 17 Jun 2021 22:46:46 GMT https://community.dynatrace.com/t5/Real-User-Monitoring/DoS-attack-violation-identified-when-using-x-dynatrace-field/m-p/167899#M2822 ChadTurner 2021-06-17T22:46:46Z https://community.dynatrace.com/t5/Real-User-Monitoring/DoS-attack-violation-identified-when-using-x-dynatrace-field/m-p/175197#M3180 <P>I would recommend to have in consideration that to fully enable RUM, you must verify the configuration of your firewalls, proxies, and web servers and allow all required data to pass through. I leave the link to the article.</P><P><A href="https://www.dynatrace.com/support/help/how-to-use-dynatrace/real-user-monitoring/setup-and-configuration/web-applications/initial-configuration/firewall-constraints-for-rum/" target="_blank">https://www.dynatrace.com/support/help/how-to-use-dynatrace/real-user-monitoring/setup-and-configuration/web-applications/initial-configuration/firewall-constraints-for-rum/</A></P> Mon, 01 Nov 2021 05:14:01 GMT https://community.dynatrace.com/t5/Real-User-Monitoring/DoS-attack-violation-identified-when-using-x-dynatrace-field/m-p/175197#M3180 DanielS 2021-11-01T05:14:01Z