I am attempting to run a stored process from an IIS server. However the process is blocked and the user sees the following error. You attempted to access a SAS application by using the following URL: http://servername.company.com:<port>/SASStoredProcess/do The URL has been blocked because it came from an untrusted site, which might be attempting a malicious attack. I have followed the following papers in followed the instructions from the SAS® 9.4 Administration Middle-Tier Administration Guide How to Whitelist of Websites and Methods Allowed to Link to SAS Web Applications: https://go.documentation.sas.com/?cdcId=bicdc&cdcVersion=9.4&docsetId=bimtag&docsetTarget=p1xtsni38p58t3n1ljd2fy4c3joz.htm&locale=en My stored process has an address somewhat like http://myssitename.domainname.com/example_process.htm In application management, configuration manager, SAS application infrastructure, I have the following settings. sas.web.csrf.refers.allowNull true sas.web.csrf.refers.blacklist sas.web.csrf.refers.knownHosts http://mysitename.domainname.com/ sas.web.csrf.refers.performCheck true sas.web.csrf.refers.skipMethods sas.web.navigation.knownHosts http://mysitename.domainname.com/ So can anyone tell me why the user is still blocked from running the stored process? Note: if i set performCheck to false, the stored process works and the user is prompted to logon to SAS and can run the stored process, sas.web.csrf.refers.performCheck false That works...but that defeats the the purpose of the whitelist.
... View more