DPR-ERR-2079 Firewall Security Rejection when attempting to run reports
After configuration of Cognos, running reports in the portal gives an error message. Checking the cogserver.log file from the logs folder on the application-tier server reveals several Audit.dispatcher.caf request failure error messages.
Error message shown on the portal (browser):
DPR-ERR-2079 Firewall Security Rejection. Your request was rejected by the security firewall.
Related error message shown in the cogserver.log:
Audit.dispatcher.caf Request Failure Invalid URL domain or host: host port =>
Audit.dispatcher.caf Request Failure is valid URL failed: URL =>
Audit.dispatcher.caf Request Failure Invalid value: decoded value =>
Audit.dispatcher.caf Request Failure Invalid sub-variable: name =>
Audit.dispatcher.caf Request Failure URL does not match any valid domain or host: valid domains =>
Audit.dispatcher.caf Request Failure URL does not match any valid domain or host: valid hosts =>
Audit.dispatcher.caf Request Failure Invalid sub-variable: encoded value =>
Audit.dispatcher.caf Request Failure validation fails for request: original form input =>
When your application-tier server receives a request from the gateway component on your web-tier server, Cognos Application Firewall (CAF) checks the hostname and port that the request came from against a list of acceptable hostname and port combinations. This list consists of the hostname and port from the Gateway URI property of the Environment node in Cognos Configuration, the default of localhost:80, and any hosts which have been added to the Valid domains or hosts property of the Cognos Application Firewall node.
The hostname/port the request comes from may not match the list of valid combinations for several reasons, including:
- The Gateway URI hostname was not changed from localhost in a distributed environment.
- The environment was configured with multiple webservers, and each webserver was not added to the Valid Domains or Hosts property.
- The hosts in the Valid Domains or Hosts property have not been specified in the form hostname:port
Resolving the problem
Ensure that every possible valid combination of hostname and port which your gateway requests could come from is specified in either the Gateway URI or Valid Domains or Hosts property on each application-tier server.
- Open Cognos Configuration.
- In the left pane, click on the Environment node.
- Modify the Gateway URI property if needed.
- In the left pane, click on the Cognos Application Firewall node.
- Select the Valid domains or hosts property and click the edit button.
- Add additional webserver hostname:port entries as required.
- Within Cognos Configuration
- From toolbar click "Actions" -> "Edit Global Configuration... "
- For "Domain" section please add domain for example ".ca.ibm.com"
* period before domain is required
- Repeat for every application-tier server.
Please restart services.
More support for:
Cognos Business Intelligence
Software version: 8.4.1, 10.1, 10.1.1, 10.2, 10.2.1, 10.2.2
Operating system(s): AIX, HP-UX, Linux, Solaris, Windows
Software edition: All Editions
Reference #: 1339461
Modified date: 05 November 2009