0

The following request was blocked by AWS web app firewall cross site scripting rule. But what is suspicious? All seem normal to me!

POST /package.asmx HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; MS Web Services Client Protocol 4.0.30319.42000)
VsDebuggerCausalityData: uIDPo313Tw/LhjNJn3K1llXBHoEAAAAA9KbUetLg5kixdCJ3yXly/+zfyrFP4XJPrTb7S6ewbdQACQAA
Content-Type: text/xml; charset=utf-8
SOAPAction: "http://www.ingeneus.com.au/GetAccountStatus"
Host: www.eyecloud.net.au
Content-Length: 618
Expect: 100-continue
Connection: Keep-Alive


<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
    <soap:Body>
        <GetAccountStatus xmlns="http://www.ingeneus.com.au/">
            <sBusinessDomainId>1</sBusinessDomainId>
            <strRddSerialNum>EC1600027</strRddSerialNum>
            <strPassword>2bb4f34fdff49f1f56b6e708ab49ff22</strPassword>
            <bRegisteredInCloud>false</bRegisteredInCloud>
            <bAssignedToClinic>false</bAssignedToClinic>
            <bAccountActive xsi:nil="true" />
            <cPaymentStatus xsi:nil="true" />
        </GetAccountStatus>
    </soap:Body>
</soap:Envelope>
4

1 回答 1

2

标头SOAPAction: "http://www.ingeneus.com.au/GetAccountStatus"正在触发规则。

更改您的代码,以便删除此标头或将其更改为SOAPAction: "".

于 2017-11-28T02:24:17.947 回答