IBM Support

iNotes XSS Security errors on the Domino console

Technote (troubleshooting)


Problem

iNotes XSS Security errors on the Domino console

Symptom

The customer had nonce enabled but was seeing nonce errors on the Domino console, such as:
iNotes XSS Security: "Invalid Request, ; with Referer"
and "Request not processed, throwing exception."


Cause

Nonce security errors

Environment

Domino 9.0.1fp5 with F5 load balancer and nonce enabled

Diagnosing the problem

The customer confirmed that the errors went away when the nonce check was disabled with the following ini setting:
iNotes_WA_Security_NonceCheck=0

For security reasons, however, the customer did not want to do this.


Resolving the problem

To fix the issue, the customer found the following:


1. It was necessary to configure the credential store database. However, creating the credential store database did not in itself resolve the issue.

Reference also here: http://www.ibm.com/support/docview.wss?uid=swg21679398

2. We had to make a modification on the F5 balancer side.
The modification was to limit the list of IP addresses used for SNAT translation. We were using two IP addresses, which is why we could not get rid of the problem. When the list of addresses was limited to only one IP, the problem was fixed. So if using SNAT translation, it is important to use only one IP address in the SNAT pool.

Resources on F5:
https://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/ltm_configuration_guide_10_0_0/ltm_snat.html
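
To check from the Domino side whether the load balancer is presenting one user from more than one SNAT address, the following added example (not part of the original technote and not IBM or F5 tooling) scans access-log lines for authenticated users whose source IP changes between requests. The common-log line format, the user names and the 192.0.2.x addresses are constructed assumptions.

```python
import re

# Constructed sample: common-log-format lines as a Domino server behind the
# load balancer might record them (format and values are assumptions).
SAMPLE_LOG = """\
192.0.2.10 - alice [25/Feb/2016:10:00:01 +0000] "GET /mail/alice.nsf HTTP/1.1" 200 5120
192.0.2.11 - alice [25/Feb/2016:10:00:02 +0000] "POST /mail/alice.nsf HTTP/1.1" 200 312
192.0.2.10 - alice [25/Feb/2016:10:00:05 +0000] "GET /mail/alice.nsf HTTP/1.1" 200 2048
192.0.2.10 - bob [25/Feb/2016:10:00:06 +0000] "GET /mail/bob.nsf HTTP/1.1" 200 4096
192.0.2.10 - bob [25/Feb/2016:10:00:09 +0000] "GET /mail/bob.nsf HTTP/1.1" 200 1024
192.0.2.11 - - [25/Feb/2016:10:00:10 +0000] "GET /names.nsf?Login HTTP/1.1" 200 900
"""

# host, ident, user, [timestamp], "request", status, bytes
LINE_RE = re.compile(
    r'^(?P<host>\S+) \S+ (?P<user>\S+) \[[^\]]+\] "[^"]*" \d{3} \S+$'
)


def source_ip_changes(lines):
    """Return {user: (sorted_ips, switches)} for users seen from >1 source IP.

    'switches' counts how often the source address differs from the one on
    the same user's previous request, in log order.
    """
    seen = {}  # user -> {"ips": set, "last": str, "switches": int}
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or m.group("user") == "-":
            continue  # skip malformed lines and anonymous requests
        user, host = m.group("user"), m.group("host")
        rec = seen.setdefault(user, {"ips": set(), "last": host, "switches": 0})
        if host != rec["last"]:
            rec["switches"] += 1
            rec["last"] = host
        rec["ips"].add(host)
    return {
        user: (sorted(rec["ips"]), rec["switches"])
        for user, rec in seen.items()
        if len(rec["ips"]) > 1
    }


if __name__ == "__main__":
    flagged = source_ip_changes(SAMPLE_LOG.splitlines())
    for user, (ips, switches) in flagged.items():
        print(f"{user}: {len(ips)} source IPs {ips}, {switches} switch(es)")
```

After the SNAT pool is reduced to a single address, the same check over fresh logs should report no users.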


Document information

More support for: IBM iNotes
Administration

Software version: 9.0.1.5

Operating system(s): Windows

Reference #: 1976404

Modified date: 25 February 2016
