We run our website behind the Barracuda security appliance which checks for XSS and SQL injection attacks. The way your code is written for form validation (ie, checking the box to make a field a required field) causes Barracuda to think there is a Cross Site Scripting attack occuring whenever a user fails to fill out a required field, gets the validation error message, then tries to correct the field and re-submit the form.Here is the specific error from the Barracuda logs:
Action DENY
Follow Up Action None
Severity Alert
URL healthandwelfare.idaho.gov/Health/Immunizations/HealthcareProvidersImmunizationInfo/IRISDeletion/tabid/1402/Default.aspx
Method POST
Attack Cross-Site Scripting in Parameter
Detail type="cross-site-scripting" pattern="script-in-tag-attribute" token="javascript\: (document.location = '#dftoppage');" Parameter="dnn$ctr6821$DynamicForms$DataSprings_Onload2" value="javascript\: (docume"
Rule Type Global
Rule security-policy
Protocol HTTPS
Session ID
User Agent Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; BOIE9;ENUS)
Proxy IP 10.10.156.38
Proxy Port 62245
v