Metabase Error behind Barracuda Firewall

Hi,

We have running metabase version 0.34.3 and had no issues with our firewall, but since version 0.35 and 0.36, there is vendor.js file blocked by our firewall detected as CVE-2015-2094, is there any solution for this one?

Thanks!

Failed vendor.js file

Blocked by our firewall

Hi @bambang
That’s a bug in your firewall, so you should report the problem to them.
The solution is to add Metabase to the allow-list in your firewall.
For reference:
https://www.metabase.com/docs/latest/troubleshooting-guide/proxies.html

Hi @flamber,

I think is not a bug in the firewall, because the 0.34 version of Metabase is working fine with our firewall, i think there are some file changes in the vendor.js that trigger our firewal detection.
But as your suggestion for now maybe we going to exclude metabase traffic in our firewall.

Thank you

@bambang We constantly change files in every release, but we cannot fix bug in firewall rules. And yes, it’s a bug, as it says it’s triggering on an ActiveX RCE - we don’t use ActiveX.
We have also seen problem in various other WAF, where their automatic detection was causing problems when people upgraded and then after a few days, then it was working normally - without changing Metabase version or touching their firewall.