lslb 1.7 update - Invalid request filter directive / [ADMIN] authentication failed

Discussion in 'General' started by Clockwork, Jan 20, 2010.

  1. Clockwork

    Clockwork Member

    after the update I receive the following errors:

    Code:
    2010-01-20 11:36:55.596	ERROR	Invalid request filter directive: ARGS "(alert|expression|eval|url)[[:space:]]*\("
    2010-01-20 11:36:55.596	ERROR	Invalid request filter directive: ARGS "(&\{.+\}|(&#[[0-9a-fA-F]]|\x5cx[0-9a-fA-F]){2})"
    2010-01-20 11:36:55.596	ERROR	Invalid request filter directive: ARGS "((javascript|vbscript):|style[[:space:]]*=)"
    2010-01-20 11:36:55.596	ERROR	Invalid request filter directive: ARGS "(fromCharCode|http-equiv|<.+>|innerHTML|dynsrc|-->)"
    2010-01-20 11:36:55.596	ERROR	Invalid request filter directive: ARGS "document\.(body|cookie|location|write)"
    2010-01-20 11:36:55.596	ERROR	Invalid request filter directive: ARGS_VALUES "jsessionid|phpsessid|onReadyStateChange|xmlHttp"
    2010-01-20 11:36:55.596	ERROR	Invalid request filter directive: ARGS "<(applet|div|embed|iframe|img|meta|object|script|textarea)"
    2010-01-20 11:36:55.596	ERROR	Invalid request filter directive: ARGS "on(Abort|Blur|Click|DblClick|DragDrop|Error|Focus|KeyUp|KeyDown|KeyPrerss|Load|Mouse(Down|Out|Over|Up)|Move|Reset|Resize|Select|Submit|Unload)"
    2010-01-20 11:36:55.596	ERROR	Invalid request filter directive: ARGS "drop[[:space:]]+(database|table|column|procedure)"
    2010-01-20 11:36:55.597	ERROR	Invalid request filter directive: ARGS "delete[[:space:]]+from|create[[:space:]]+table|update.+set.+=|insert[[:space:]]+into.+values"
    2010-01-20 11:36:55.597	ERROR	Invalid request filter directive: ARGS "select.+from|bulk[[:space:]]+insert|union.+select|alter[[:space:]]+table"
    2010-01-20 11:36:55.597	ERROR	Invalid request filter directive: ARGS "or.+1[[:space:]]*=[[:space:]]1|or 1=1--'|'.+--"
    2010-01-20 11:36:55.597	ERROR	Invalid request filter directive: ARGS "into[[:space:]]+outfile|load[[:space:]]+data|/\*.+\*/"
    
    It's also really bad that the clusters in the real-time stats aren't being shown anymore like in the 1.6 version.
    Last edited: Jan 20, 2010
  2. Lauren

    Lauren LiteSpeed Staff

    for real-time stats, it is new consolidated look with similar info as before. If you click "show" button on external application, are you able to see it?
  3. Clockwork

    Clockwork Member

    yes, thanks :)
  4. mistwang

    mistwang LiteSpeed Staff

    The request filter error bug has been addressed with an update of 1.7 release. please try "Force reinstall" from the web console to apply the latest build.

Share This Page