We are using the x-dynatrace header field to monitor the messages by injecting from the Dynatrace Agent. And some of the requests are blocked due to "Jackson data-bind BigDecimal DoS (Header)". In this case, the x-dynatrace field got value as below,
The above Highlighted value is the detected keyword for Jackson data-bind BigDecimal Denial of Service.
The F5 WAF blocks the request as it contains "e100000000" in the header value. This will be detected by F5 WAF rules as a DOS attack based on the CVE security flaws (https://nvd.nist.gov/vuln/detail/CVE-2018-1000873).
How can we skip generating the values with highlighted value?
Is this common issue and what are the resolutions that we can try to fix this issue?
What is the structure/format of x-dynatrace header? Is it possible to configure at OneAgent level?
Solved! Go to Solution.
I would recommend to have in consideration that to fully enable RUM, you must verify the configuration of your firewalls, proxies, and web servers and allow all required data to pass through. I leave the link to the article.