25 May 2021 05:55 AM - last edited on 25 May 2021 02:58 PM by laima_vainina
Hi,
We are using the x-dynatrace header field to monitor the messages by injecting from the Dynatrace Agent. And some of the requests are blocked due to "Jackson data-bind BigDecimal DoS (Header)". In this case, the x-dynatrace field got value as below,
X-dynaTrace: FW4;-428057869;14;-1830560483;6305125;0;1075664345;735;639a;1h0101c1d4d840c1e2f1f3f7e2e4d7f140404060a9804f20172e100000000000000000000000000000000000000000000000004c533234375349503200433030302e4541492e4f524445525355425245535000;2h01;3h92e3dd1d;4h603565;5h01
The above Highlighted value is the detected keyword for Jackson data-bind BigDecimal Denial of Service.
The F5 WAF blocks the request as it contains "e100000000" in the header value. This will be detected by F5 WAF rules as a DOS attack based on the CVE security flaws (https://nvd.nist.gov/vuln/detail/CVE-2018-1000873).
How can we skip generating the values with highlighted value?
Is this common issue and what are the resolutions that we can try to fix this issue?
What is the structure/format of x-dynatrace header? Is it possible to configure at OneAgent level?
Solved! Go to Solution.
17 Jun 2021 11:46 PM
I would recommend opening a support ticket on this so support is aware of the issue and can put a solution in across the platform
01 Nov 2021 05:14 AM
I would recommend to have in consideration that to fully enable RUM, you must verify the configuration of your firewalls, proxies, and web servers and allow all required data to pass through. I leave the link to the article.