topic Specific keyword(s) not allowed in POST operations with published web app? in SASE and Remote Access https://community.checkpoint.com/t5/SASE-and-Remote-Access/Specific-keyword-s-not-allowed-in-POST-operations-with-published/m-p/13691#M12992 <HTML><HEAD></HEAD><BODY><P>Hello all</P><P></P><P>I'm wondering if anyone has had any issues with certain open source apps, etc. when publishing as a web app in MAB. For example, I have an XWiki site that is working well most of the time, but when<SPAN>&nbsp;</SPAN>creating or editing<SPAN>&nbsp;</SPAN>a post containing the word "find" and then previewing it, an error page is shown:</P><P></P><P>Error:&nbsp; Access denied. The format or content of your request has been detected as invalid or unsafe. (400)&nbsp;</P><P></P><P>If I change it to finding/finder, etc. then I can save and preview. When I looked in the logs, there<SPAN>&nbsp;</SPAN>are<SPAN>&nbsp;</SPAN>some&nbsp;IPS 'prevent' log entries referring to command injection. However I can't create an exception from the log and whitelisting the destination server in the IPS or inspection policy hasn't helped.</P><P></P><P>I've also used the option to not inspect content, etc. for the destination in the CVPN config file.</P><P></P><P>Can anyone suggest where else I could look?</P></BODY></HTML> Tue, 06 Nov 2018 09:33:38 GMT Timothy_Morty 2018-11-06T09:33:38Z Specific keyword(s) not allowed in POST operations with published web app? https://community.checkpoint.com/t5/SASE-and-Remote-Access/Specific-keyword-s-not-allowed-in-POST-operations-with-published/m-p/13691#M12992 <HTML><HEAD></HEAD><BODY><P>Hello all</P><P></P><P>I'm wondering if anyone has had any issues with certain open source apps, etc. when publishing as a web app in MAB. For example, I have an XWiki site that is working well most of the time, but when<SPAN>&nbsp;</SPAN>creating or editing<SPAN>&nbsp;</SPAN>a post containing the word "find" and then previewing it, an error page is shown:</P><P></P><P>Error:&nbsp; Access denied. The format or content of your request has been detected as invalid or unsafe. (400)&nbsp;</P><P></P><P>If I change it to finding/finder, etc. then I can save and preview. When I looked in the logs, there<SPAN>&nbsp;</SPAN>are<SPAN>&nbsp;</SPAN>some&nbsp;IPS 'prevent' log entries referring to command injection. However I can't create an exception from the log and whitelisting the destination server in the IPS or inspection policy hasn't helped.</P><P></P><P>I've also used the option to not inspect content, etc. for the destination in the CVPN config file.</P><P></P><P>Can anyone suggest where else I could look?</P></BODY></HTML> Tue, 06 Nov 2018 09:33:38 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/Specific-keyword-s-not-allowed-in-POST-operations-with-published/m-p/13691#M12992 Timothy_Morty 2018-11-06T09:33:38Z Re: Specific keyword(s) not allowed in POST operations with published web app? https://community.checkpoint.com/t5/SASE-and-Remote-Access/Specific-keyword-s-not-allowed-in-POST-operations-with-published/m-p/13692#M12993 <HTML><HEAD></HEAD><BODY><P>Sounds like a particular signature is generating a false positive.</P><P>I would work with the TAC on this so the signature can be adjusted.</P></BODY></HTML> Tue, 06 Nov 2018 19:59:29 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/Specific-keyword-s-not-allowed-in-POST-operations-with-published/m-p/13692#M12993 PhoneBoy 2018-11-06T19:59:29Z