IBM Support

Sample Log Messages for Miscellaneous XML Threat Protection Configuration on IBM DataPower Gateway

Troubleshooting


Problem

When using XML Threat Protection, what are some typical log messages that may occur when the criteria is met?

image 9276

Symptom

The log messages in this document are intended as a high level reference to the most common error messages associated with XML Threat Protection.

Single Message XML Denial of Service (XDoS) Protection
Maximum Message Size:
In this example, the XML request exceeds the Maximum Message Size.

Sample log messages:
20210415T223632.471Z [0x80c00008][multistep][error] mpgw(simple): tid(37248)[response][10.11.66.50] gtid(818644856078bff000009180): rule (simple_rule_12): Implied action Parsing input as XML. failed: Message too large
20210415T223632.471Z [0x00d30005][mpgw][error] mpgw(simple): tid(37248)[error][10.11.66.50] gtid(818644856078bff000009180): Message too large
Gateway parser limits:
In this example, the Attribute Limit is exceeded.  Note that all parameters under the "Gateway Parser Limits" will issue a "XML parser limits exceeded" error message.

Sample log messages: 
20210415T223737.028Z [0x80e003aa][xmlparse][error] mpgw(simple): tid(39617)[response][10.11.66.50] gtid(818644856078c03100009ac1): attribute limit of 10 per element exceeded, aborting at offset 86 of http://10.88.0.2:4365/
20210415T223737.028Z [0x80c00008][multistep][error] mpgw(simple): tid(39617)[response][10.11.66.50] gtid(818644856078c03100009ac1): rule (simple_rule_12): Implied action Parsing input as XML. failed: attribute limit of 10 per element exceeded, aborting at offset 86 of http://10.88.0.2:4365/
20210415T223737.028Z [0x00030003][mpgw][error] mpgw(simple): tid(39617)[error][10.11.66.50] gtid(818644856078c03100009ac1): XML parser limits exceeded
Multiple Message XML Denial of Service (MMXDoS) Protection
In this example, the IP filter will reject requests that exceed 1 transaction per 5 seconds and the gateway filter rejects requests that exceed 1 transaction per 1 second.  When MMXDoS Protection is configured, DataPower creates count monitor objects based on the parameters set.
monitor-count: simple-count-monitor-from-ip [up] 
-------------------------------------------
 admin-state enabled 
 message-type simple-message-type  [up]
 measure requests 
 source each-ip 
 header X-Client-IP 
 filter simple-count-monitor-from-ip-filter 5000 1 2 simple-monitor-action 
 distinct-sources 10000 
monitor-count: simple-count-monitor-gateway [up] 
-------------------------------------------
 admin-state enabled 
 message-type simple-message-type  [up]
 measure requests 
 source all 
 header X-Client-IP 
 filter simple-count-monitor-gateway-filter 1000 1 2 simple-monitor-action 
 distinct-sources 10000 
Sample log messages: 
20210415T222042.990Z [0x80e00183][monitor][error] monitor-action(simple-monitor-action): tid(35169)[10.11.66.50]: Message monitor simple-count-monitor-gateway triggers filter simple-count-monitor-gateway-filter on credential 10.11.66.50
20210415T222042.990Z [0x80e0038e][monitor][debug] monitor-count(simple-count-monitor-gateway): tid(35169)[10.11.66.50]: Monitor simple-count-monitor-gateway matched.
20210415T222042.990Z [0x80e005fe][monitor][error] monitor-count(simple-count-monitor-gateway): tid(35169)[10.11.66.50]: Rejected by Count Monitor filter (Measure: Requests) simple-count-monitor-gateway.
20210415T222042.990Z [0x00a60002][mpgw][info] mpgw(simple): tid(35169)[error][10.11.66.50]: Message rejection

Document Location

Worldwide

[{"Type":"SW","Line of Business":{"code":"LOB45","label":"Automation"},"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SS9H2Y","label":"IBM DataPower Gateway"},"ARM Category":[{"code":"a8m50000000CdxAAAS","label":"DataPower->Developer (DV)->Service Config"}],"ARM Case Number":"","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Version(s)"}]

Document Information

Modified date:
08 June 2021

UID

ibm16443975

Page Feedback