Question by Ben S. · Jan 24, 2015 at 04:19 AM

UEM requests being blocked by SiteMinder

We are using SiteMinder in our environment with the BadCSSChars setting turned on. This setting is for cross-site scripting attacks and blocks characters like <>'. This is causing thousands of User Action Visit requests to be blocked with a 403 error since a lot of the requests contain these characters. The SiteMinder team will not disable this setting due to security concerns. dynaTrace support provided a configuration property (spc) under UEM that is supposed to encode these characters, but SiteMinder can detect these characters whether they are encoded or not. Below is an excerpt of how the requests come in (%7C and %3C are the forbidden characters).

a=d%7Ckeypress%20%3CRETURN%3E%20on%20%22claimno%22%7Ckeypress%20%3CRETURN%3E%7C147740757_6

Has anyone else encountered this issue? If so, have you found a workaround?

Thanks,

Ben


3 Replies


Answer by Mike T. · Feb 28, 2015 at 12:10 AM

Hi Ben

Can I ask what version of Dynatrace you are using?

Thanks

Mike


Answer by Andreas G. · Jan 26, 2015 at 10:15 PM

Great suggestion from Sreerag.

Another thought that comes to my mind is that you can set up a separate web server, e.g. Apache, which you just use to collect the monitoring signal.

Andi


Comment by Ben S. · Jan 31, 2015 at 02:35 AM

Andi, where can I find documentation on the setup you are suggesting? Also, do you know if there are any plans for a workaround? I was told by support to submit an enhancement request.

Thanks,

Ben


Answer by Sreerag M. · Jan 25, 2015 at 02:10 PM

Hi Ben,

We have not faced such a situation. My guess is that you need the DT agent to intercept the /dynatraceMonitor requests before SiteMinder.

May we know the technology used by the web servers? The basic idea would be to make the priority of the DT agent higher than that of the SiteMinder agent so the DT agent can intercept the request before the SM agent.

-Sreerag


Comment by Ben S. · Jan 27, 2015 at 01:52 AM

Hi Sreerag,

We are using IBM HTTP Servers.

Ben

Comment by Sreerag M. (in reply to Ben S.) · Jan 28, 2015 at 03:44 AM

We also have SiteMinder; when I checked our httpd.conf I found that we are loading the SiteMinder module at the very end.

I think this explains why we never faced this issue.

-Sreerag

Comment by Ben S. (in reply to Sreerag M.) · Jan 31, 2015 at 02:31 AM

We tried placing the SiteMinder module further below the dynaTrace webserver module in the httpd.conf file, but that didn't seem to help. We actually didn't realize we had this problem until we began using Splunk to monitor our webserver logs. The 403 errors don't appear in dynaTrace either.
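
One way to size the problem from the web server access logs mentioned in the last comment, as an added example that is not part of the original thread and is not Dynatrace or SiteMinder code: it counts 403 responses on the /dynatraceMonitor path and reports which filtered characters each request carried after percent-decoding. Assumptions: Apache/IHS common log format, beacon data in the query string, and a character set built from the characters named in the question; the log lines are constructed.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Assumption: set built from the thread ("<>'" plus "|" seen as %7C).
# Replace it with the BadCSSChars value actually configured on your agent.
BAD_CHARS = set("<>'|")
MONITOR_PATH = "/dynatraceMonitor"  # beacon path named in the thread

# host ident user [time] "METHOD target PROTO" status ...
LOG_RE = re.compile(r'^\S+ \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')

# Constructed sample lines; the first query string is the one quoted in the question.
SAMPLE_LOG = """\
10.0.0.5 - - [24/Jan/2015:04:10:01 -0500] "GET /dynatraceMonitor?a=d%7Ckeypress%20%3CRETURN%3E%20on%20%22claimno%22%7Ckeypress%20%3CRETURN%3E%7C147740757_6 HTTP/1.1" 403 210
10.0.0.6 - - [24/Jan/2015:04:10:02 -0500] "GET /dynatraceMonitor?a=d_load_147740757_7 HTTP/1.1" 200 0
10.0.0.7 - - [24/Jan/2015:04:10:03 -0500] "GET /claims/search?q=%3Cb%3E HTTP/1.1" 403 210
10.0.0.8 - - [24/Jan/2015:04:10:04 -0500] "POST /dynatraceMonitor?a=c%7Cclick%20on%20%27Save%27 HTTP/1.1" 403 210
"""

def blocked_chars(target):
    """Return the BAD_CHARS present in the query string, raw or percent-encoded."""
    _, _, query = target.partition("?")
    return BAD_CHARS & set(unquote(query))

def summarize(log_text):
    """Count 403'd beacon requests and the filtered characters they carried."""
    blocked, per_char, unexplained = 0, Counter(), 0
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # not in the assumed log format
        _, target, status = m.groups()
        if status != "403" or MONITOR_PATH not in target.split("?")[0]:
            continue
        blocked += 1
        hits = blocked_chars(target)
        per_char.update(hits)
        if not hits:
            unexplained += 1  # 403 with some other cause; triage separately
    return blocked, dict(per_char), unexplained

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

A non-zero third value means some beacon 403s are not explained by the character filter and need a separate look.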

 
