Softrip’s public-facing applications (like Reservations) examine all incoming requests for potentially dangerous values, and reject these requests if a submitted value is determined to be dangerous.

This parameter examination is performed on the query string, submitted form post values, cookies, and headers. The intent is to reject requests that could pose a risk to a Softrip instance (for example cross-site scripting).

These rejected values are logged to the InvalidParamLog table, including the input parameter key, its value, and the date and time it occurred.

Note that this examination of submitted values may result in false positives.

Reviewing InvalidParamLog

Softrip recommends regularly reviewing the InvalidParamLog table for recent rejected values, for example:

Sometimes, this parameter examination may turn up false positives. In those cases, a valid request may be rejected as dangerous and result in an error shown to the user.

Whitelisting False Positives

Some values my be incorrectly flagged as dangerous and need to be whitelisted in your Softrip applications.

For such cases, reach out to your Softrip contact to review the false positive and ensure that the value is properly handled and safe to ignore in parameter validation. In your communication, include the relevant records from InvalidParamLog that you think are false positives.