You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@httpd.apache.org by Hari Vuppala <ha...@gmail.com> on 2008/09/09 18:00:33 UTC

[users@httpd] Apache 2.0.61 - Tomcat 6.0 - Due to the presence of characters known to be used in Cross SiteScripting attacks - 403 Forbidden

Hello,

We have an existing intranet web application running on Tomcat 6.0 (on port
8080). Now, we installed Apache 2.0.61 (running on port 80) and installed
mod_jk connector that will forward the requests to Tomcat. The OS is Solaris
10.

Our application uses lot of Javascript and it appends parameters dynamically
to the Action URL. Now the issue is some of the pages in the application are
throwing 403 - Forbidden error and the pop ups in the application are
showing a message "*Due to the presence of characters known to be used in
Cross SiteScripting attacks, access is forbidden. This web site does not
allow Urlswhich might include embedded HTML tags."*
**
I tried to google on this, but could not find any help. I am looking for a
Apache configuration change which will allow these URLS to work.

Appreciate all your help!!

Thanks
-Hari