9 Votes
saldana-msft asked LaurieStearn-5868 edited

[Announcement] Access Denied error when posting content

Microsoft Q&A uses a Web Application Firewall (WAF) to block malicious requests.

When posting, you might receive an error message as illustrated below if the content you are posting contains restricted words such as system file references and URL injection type strings.

We are looking into a long-term solution to avoid this error, as well as an autosave/draft feature that will prevent users from losing their content when encountering this or any other platform error.

In the meantime to verify if your content might get blocked due to certain keywords, before posting make sure you are able to “preview” your post without issues. If not, please modify your content to remove any system references and try to preview again. Once preview works, then you will be able to successfully submit your post.

Note: there are cases where the preview of the message does not show anything but publishing the message works.

💥HIGHLY recommended to all users! Until this issue is fixed, before you submit your message, click on Ctrl+A then on Ctrl+C. This will copy the content of the message to the clipboard. If the message was not submitted successfully, you can open Notepad or a new post and click on Ctrl+V in order to paste the content again. This way you will not lose it.


[Image: access-denied error]




Thanks for the update Sandra 👍

Note: there are cases where the preview of the message does not show anything but publishing the message works.

💥HIGHLY recommended to all users! Until this issue is fixed, before you submit your message, click on Ctrl+A then on Ctrl+C. This will copy the content of the message to the cache. If the message was not submitted successfully, you can open Notepad and click on Ctrl+V in order to paste the content. This way you will not lose it.

2 Votes 2 ·

Thank you Ronen. To make sure that this info is not lost in case people do not read all the comments, I am editing the article with this information. 🙂

1 Vote 1 ·

uhm uhm ok

0 Votes 0 ·

Common Options which are used by other interfaces to solve this issue:

1) Before parsing the message, store the message on the client side using cookies. This can be done before the message is even submitted, using JS. First make some client-side check -> if all OK -> save the cookies -> and then submit to the server.

2) The content which arrives at the server using POST should be passed back to the client as the value of the text box.

Option 1 is the simplest to implement, and I am probably going to implement it using Chrome Tampermonkey 😀 This can be done without any change on the server side; even so, the solution should be embedded. Option 2 is the "perfect" solution but requires more changes in the base code.

1 Vote 1 ·
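
Option 1 from the comment above, as an added example that is not part of the original thread or of Microsoft Q&A's code: it keeps a copy of the post in the browser just before the form is submitted and restores it on the next visit. It uses Web Storage instead of cookies, because cookies are limited to about 4 KB and are sent back to the server with every request; the key name, the selectors and the seven-day expiry are assumptions.

```javascript
// Added example: keep a copy of the post in the browser before submitting it.
// DRAFT_KEY, saveDraft, loadDraft and clearDraft are hypothetical names.
const DRAFT_KEY = "qna-draft";                 // assumed storage key
const MAX_AGE_MS = 7 * 24 * 60 * 60 * 1000;    // assumed: drop drafts after 7 days

// `storage` is anything with the Web Storage interface (localStorage in a browser).
function saveDraft(storage, text, now = Date.now()) {
  if (typeof text !== "string" || text.trim() === "") return false;
  try {
    storage.setItem(DRAFT_KEY, JSON.stringify({ text, savedAt: now }));
    return true;
  } catch (err) {
    return false;  // quota exceeded or storage disabled: do not block the submit
  }
}

function loadDraft(storage, now = Date.now()) {
  const raw = storage.getItem(DRAFT_KEY);
  if (raw === null) return null;
  try {
    const { text, savedAt } = JSON.parse(raw);
    const valid = typeof text === "string" && typeof savedAt === "number";
    if (!valid || now - savedAt > MAX_AGE_MS) {
      storage.removeItem(DRAFT_KEY);  // malformed or expired entry
      return null;
    }
    return text;
  } catch (err) {
    storage.removeItem(DRAFT_KEY);    // corrupted entry
    return null;
  }
}

// Call once the post is confirmed as published, so the copy does not linger.
function clearDraft(storage) { storage.removeItem(DRAFT_KEY); }

// Browser wiring; skipped when there is no DOM (for example under Node).
if (typeof document !== "undefined" && typeof localStorage !== "undefined") {
  const form = document.querySelector("form");          // assumed: the post form
  const box = form && form.querySelector("textarea");   // assumed: the editor field
  if (box) {
    const saved = loadDraft(localStorage);
    // Restore through .value so the draft is treated as text, never as markup.
    if (saved !== null && box.value === "") box.value = saved;
    form.addEventListener("submit", () => saveDraft(localStorage, box.value));
  }
}
```

On a shared machine the saved draft stays readable to the next user of the same browser profile until it expires or `clearDraft` runs.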

We are working on an autosave feature. We hope we can get it shipped in June. That will help alleviate the problem while we fix this issue long term.

0 Votes 0 ·
1 Vote
njsokalski answered RodAtWork commented

That doesn't help much, since I don't know what my post includes that could be bad. There are no system references or URLs, and the code (which I did mark as code with the formatting toolbar) is just very basic XAML. What do I need to change?


Hi,

From the security aspect, you should not tell your users what exactly led to the security break since this information will be used to bypass the security.


0 Votes 0 ·

I agree with you njsokalski, it is very hard to know what code might be marked as unacceptable. Like you, I was trying to enter some XAML code which didn't contact any URLs, system references, etc. It was just a style I was trying to do within a data template.

0 Votes 0 ·
3 Votes
markgoldin-3750 answered markgoldin-3750 published

What a bunch of bullshit.


0 Votes
LaurieStearn-5868 answered LaurieStearn-5868 edited

Here it's

Access Denied
You don't have permission to access "http://docs.microsoft.com/answers/questions/ask.html" on this server.
Reference #18.83052017.1609467103.3618428

A sandbox would be nice- the BBCode doesn't like expression when (T a, T b, OP op) follows it. Related?



