IBM Support

DPR-ERR-2079 Firewall Security Rejection when attempting to run reports

Technote (troubleshooting)


Problem(Abstract)

After configuration of Cognos, running reports in the portal gives an error message. Checking the cogserver.log file from the logs folder on the application-tier server reveals several Audit.dispatcher.caf request failure error messages.

Symptom

Error message shown on the portal (browser):

DPR-ERR-2079 Firewall Security Rejection. Your request was rejected by the security firewall.

Related error message shown in the cogserver.log:
Audit.dispatcher.caf Request Failure Invalid URL domain or host: host port =>
Audit.dispatcher.caf Request Failure is valid URL failed: URL =>
Audit.dispatcher.caf Request Failure Invalid value: decoded value =>
Audit.dispatcher.caf Request Failure Invalid sub-variable: name =>
Audit.dispatcher.caf Request Failure URL does not match any valid domain or host: valid domains =>
Audit.dispatcher.caf Request Failure URL does not match any valid domain or host: valid hosts =>
Audit.dispatcher.caf Request Failure Invalid sub-variable: encoded value =>
Audit.dispatcher.caf Request Failure validation fails for request: original form input =>


Cause

When your application-tier server receives a request from the gateway component on your web-tier server, Cognos Application Firewall (CAF) checks the hostname and port that the request came from against a list of acceptable hostname and port combinations. This list consists of the hostname and port from the Gateway URI property of the Environment node in Cognos Configuration, the default of localhost:80, and any hosts which have been added to the Valid domains or hosts property of the Cognos Application Firewall node.

The hostname/port the request comes from may not match the list of valid combinations for several reasons, including:
- The Gateway URI hostname was not changed from localhost in a distributed environment.

- The environment was configured with multiple webservers, and each webserver was not added to the Valid Domains or Hosts property.

- The hosts in the Valid Domains or Hosts property have not been specified in the form hostname:port


Resolving the problem

Ensure that every possible valid combination of hostname and port which your gateway requests could come from is specified in either the Gateway URI or Valid Domains or Hosts property on each application-tier server.

Steps:
- Open Cognos Configuration.
- In the left pane, click on the Environment node.
- Modify the Gateway URI property if needed.
- In the left pane, click on the Cognos Application Firewall node.
- Select the Valid domains or hosts property and click the edit button.
- Add additional webserver hostname:port entries as required.

Then:
- Within Cognos Configuration
- From toolbar click "Actions" -> "Edit Global Configuration... "
- For "Domain" section please add domain for example ".ca.ibm.com"
* period before domain is required
- Repeat for every application-tier server.

Please restart services.

Historical Number

1018635

Document information

More support for: Cognos Business Intelligence
Cognos Connection

Software version: 8.4.1, 10.1, 10.1.1, 10.2, 10.2.1, 10.2.2

Operating system(s): AIX, HP-UX, Linux, Solaris, Windows

Software edition: All Editions

Reference #: 1339461

Modified date: 05 November 2009