Receiving Forbidden Error When Attempting to Enter Cloud CPQ in an iFrame from Microsoft Dynamics CRM (Doc ID 1998767.1)

Last updated on JUNE 16, 2015

Applies to:

Oracle BigMachines CPQ Cloud Service - Version 11.0 to N/A [Release 11 to 2013]
Information in this document applies to any platform.

Symptoms

When trying to load an instance of Oracle CPQ Cloud in an iframe of a Microsoft Dynamics CRM instance, the user receives this message:

"Forbidden. You don't have permission to access /commerce/buyside/document.jsp on this server"

In addition, the ModSecurity (modsec) log records this error:

[10/Apr/2015:11:50:03 --0500] [xxxxxxxx.bigmachines.com/sid#2d5e128][rid#7f1f3401ab00][/commerce/buyside/document.jsp][1] Access denied with code 403 (phase 2). Pattern match "^(?i)(?:ht|f)tps?:\\/\\/(\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3})" at ARGS:_partnerSessionUrl. [file "/usr/local/apache2/conf/setup/modsecurity/modsecurity_crs_40_generic_attacks.conf"] [line "154"] [id "950117"] [rev "2"] [msg "Remote File Inclusion Attack"] [data "Matched Data: http://xxx.xxx.xx.xxx found within ARGS:_partnerSessionUrl: http://xxx.xxx.xxx.xxx/bigmachinesweb/lightcrmservice.asmx"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.7"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"]


For more information about the modsec error logs, please consult this document from our knowledge base: How to Interpret Mod Sec Error Logs (Doc ID 1923048.1)
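
The following Python sketch is an added example, not part of Oracle's document. It parses a constructed entry in the format of the log line above and replays the logged rule 950117 pattern against candidate _partnerSessionUrl values, to show which values trip the rule. The host names, the 192.0.2.10 address and the function names are assumptions made for illustration.

```python
import re

# Constructed sample in the format of the log entry above; the host name and
# the 192.0.2.10 address are placeholders, not values from the original log.
SAMPLE = (
    r'[10/Apr/2015:11:50:03 --0500] [cpq.example.com/sid#2d5e128][rid#7f1f3401ab00]'
    r'[/commerce/buyside/document.jsp][1] Access denied with code 403 (phase 2). '
    r'Pattern match "^(?i)(?:ht|f)tps?:\\/\\/(\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3})" '
    r'at ARGS:_partnerSessionUrl. [file "/usr/local/apache2/conf/setup/modsecurity/'
    r'modsecurity_crs_40_generic_attacks.conf"] [line "154"] [id "950117"] [rev "2"] '
    r'[msg "Remote File Inclusion Attack"] [data "Matched Data: http://192.0.2.10 found '
    r'within ARGS:_partnerSessionUrl: http://192.0.2.10/bigmachinesweb/lightcrmservice.asmx"] '
    r'[severity "CRITICAL"] [ver "OWASP_CRS/2.2.7"] [tag "OWASP_CRS/WEB_ATTACK/RFI"]'
)

HEAD = re.compile(r'Access denied with code (\d+) \(phase (\d+)\)\. '
                  r'Pattern match "(.*?)" at ([A-Z_]+:\w+)')
META = re.compile(r'\[(\w+) "([^"]*)"\]')   # [id "950117"], [msg "..."], ...


def parse_denial(line):
    """Return the fields of a ModSecurity 'Access denied' entry, or None."""
    head = HEAD.search(line)
    if head is None:
        return None
    code, phase, pattern, target = head.groups()
    fields = dict(META.findall(line))
    # The log doubles every backslash; undo that to recover the rule's regex.
    fields.update(code=int(code), phase=int(phase), target=target,
                  pattern=pattern.replace('\\\\', '\\'))
    return fields


def compile_rule(pattern):
    """Compile the logged PCRE for Python, which rejects an inline (?i) after '^'."""
    return re.compile(pattern.replace('(?i)', ''), re.IGNORECASE)


def triggers_rule(rule, value):
    """True when the parameter value would match the rule's pattern."""
    return rule.match(value) is not None


if __name__ == '__main__':
    entry = parse_denial(SAMPLE)
    rule = compile_rule(entry['pattern'])
    print(entry['id'], entry['msg'], 'at', entry['target'])
    for url in ('http://192.0.2.10/bigmachinesweb/lightcrmservice.asmx',
                'https://crm.example.com/bigmachinesweb/lightcrmservice.asmx'):
        print(url, '->', 'matches' if triggers_rule(rule, url) else 'no match')
```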

 

Cause
