Handle Complex URIs

The DisableDotDotRule parameter determines whether or not the Web Agent automatically authorizes a URI that contains two dots separated by a slash (/).

If the DisableDotDotRule is set to yes, the Agent does not apply the double-dot rule. For example, if the URI is:

If the DisableDotDotRule is set to no, the default, the Web Agent applies the double-dot rule. The Web Agent challenges requests for the following URIs, passing the request to the Policy Server:

Important! Avoid creating the possibility for unauthorized access when you use the IgnoreExt and DisableDotDotRule parameters together. For example, if you want to protect /dir1/, but you set the DisableDotDotRule parameter to yes, the Agent ignores the URI /dir1/ because you have disabled the double-dot rule and included .gif in the IgnoreExt parameter. Consequently, an unauthorized user may access the protected application /dir1/
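The interaction this note warns about, as an added example (not CA's code): a simplified model of the agent's decision, usable as a configuration check. It assumes IgnoreExt matches the extension of the last path segment and that the double-dot rule matches a dot, then a slash, then another dot in the path; the function names and sample URIs are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumed reading of "two dots separated by a slash": dot ... slash ... dot.
DOT_SLASH_DOT = re.compile(r"\..*/.*\.")

# Constructed sample URIs, not taken from the original page.
SAMPLE_URIS = [
    "/images/logo.gif",        # plain static file
    "/dir1/app.pl/file1.gif",  # application followed by extra path info
    "/dir1/dir.2/file1.gif",   # directory name that contains a dot
    "/dir1/report.html",       # extension not listed in IgnoreExt
]


def agent_decision(uri, ignore_ext, disable_dotdot_rule):
    """Return 'auto-authorize' or 'challenge' under this simplified model."""
    path = urlsplit(uri).path
    last = path.rsplit("/", 1)[-1]
    ext = "." + last.rsplit(".", 1)[-1].lower() if "." in last else ""
    if ext not in ignore_ext:
        return "challenge"          # request goes to the Policy Server
    if not disable_dotdot_rule and DOT_SLASH_DOT.search(path):
        return "challenge"          # double-dot rule overrides IgnoreExt
    return "auto-authorize"         # extension is ignored, no policy check


def audit(uris, ignore_ext, disable_dotdot_rule):
    """List URIs that skip the policy check only because the rule is disabled."""
    return [
        u for u in uris
        if agent_decision(u, ignore_ext, disable_dotdot_rule) == "auto-authorize"
        and agent_decision(u, ignore_ext, False) == "challenge"
    ]


if __name__ == "__main__":
    ignore_ext = {".gif", ".jpg"}
    for setting in (False, True):
        print("DisableDotDotRule =", "yes" if setting else "no")
        for uri in SAMPLE_URIS:
            print("  ", uri, "->", agent_decision(uri, ignore_ext, setting))
        print("   exposed by this setting:", audit(SAMPLE_URIS, ignore_ext, setting))
```

Running `audit` over the URIs an application actually serves shows which of them depend on the double-dot rule staying enabled.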

Copyright © 2010 CA. All rights reserved.