Specifies the character sequences that cannot be used in URL requests. The Agent for SharePoint examines the characters in the URL that occur before the "?" character against those characters specified by this parameter. If any of the specified characters are found, the Agent for SharePoint rejects the request.
You can specify the following characters:
- a backward slash (\)
- two forward slashes (//)
- period and a forward slash (./)
- forward slash and a period (/.)
- forward slash and an asterisk (/*)
- an asterisk and a period (*.)
- a tilde (~)
- %2D
- %20
- %00-%1f
- %25 (do not add this value to the list if the URLs of your protected SharePoint resources contain blank spaces [%20])
Separate multiple characters with commas. Do not use spaces.
You can use the bad URL characters in CGI parameters if the question mark (?) precedes the bad URL characters.
Default: (Agent for SharePoint) //,./,/.,/*,*.,~,\,%00-%1f
Limits:
- The default hexadecimal numbers apply to English characters. For other languages, remove any hexadecimal values that correspond to the characters of the language that you want to allow. Examples of such languages include (but are not limited to), Brazilian Portuguese, French, Japanese, and Chinese.
- You can specify characters literally. You can also enter the URL-encoded form of that character. For example, you can enter the letter a, or you can enter the encoded equivalent of %61.
- You can specify a maximum number of 4096 characters (including commas that are used for separating characters).
- You can specify ranges of characters that are separated with hyphens. The syntax is: starting_character-ending_character. For example, you can enter a-z as a range of characters.
- Specify any quotation marks (") with the URL-encoded equivalent of %22. Do not use ASCII.
