Preventing Cross Site Scripting Attacks in Oracle iPlanet Webserver 7.0

(Doc ID 1457522.1)

Last updated on JULY 12, 2017

Applies to:

Oracle iPlanet Web Server - Version 7.0 and later
Information in this document applies to any platform.


On 7.0 version, Security:

Configure obj.conf to prevent cross site scripting by following  Oracle iPlanet Web Server 7.0.9 Administrator's Configuration File Reference Guide - Chapter 7 Controlling Access to Your Server - Preventing Cross Site Scripting Attacks (

The following error might occur:

[03/May/2012:11:39:56] failure (17178) ReverseProxy: for host trying to POST /, func_exec reports: HTTP2302: Function insert-filter aborted the request without setting the status code
[03/May/2012:11:39:56] warning (17178) ReverseProxy: for host trying to POST /, handle-processed reports: HTTP2230: Input function insert-filter returned an error
[03/May/2012:11:40:03] failure (17178) ReverseProxy: for host trying to POST /, sed-request reports: command garbled: s/(

1. Insert this filter in obj.conf to prevent xss cross-site scripting attack

Input fn="insert-filter" method="POST" filter="sed-request" sed="s/(|>)/\\>/gi"

The issue has the following business impact:
Due to this issue, users cannot setup an important security config.




Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms