Web Agent Guides › Web Agent Configuration Guide › Enforce Security with URL Monitoring › Reduce Overhead by Ignoring File Extensions of Unprotected Resources

Reduce Overhead by Ignoring File Extensions of Unprotected Resources

You can reduce SiteMinder overhead by instructing the Web Agent to ignore requests for certain types of resources with the following parameter:

• IgnoreExt

  Specifies the types of resources for which the Web Agent passes requests to the web server without checking SiteMinder policies.The Web Agent allows access to the items specified by this parameter even if they exist in a realm that is protected by a SiteMinder policy.

  Requests for resources that meet either of the following conditions may be ignored:

  • The resource ends in one of the extensions that you configure the Web Agent to ignore.
  • The URI of the protected resource contains a single period (.).

    For example, if a URI for a requested resource is /my.dir/ the Web Agent passes the request directly to the web server.

  Default: .class, .gif, .jpg, .jpeg, .png, .fcc, .scc, .sfcc, .ccc, .ntc

  Important! Use caution when setting the IgnoreExt parameter. There are some security issues that you may want to consider.

By default, the Agent does not ignore requests for resources that contain two or more periods separated by a slash (/). Web Agents handle requests for resources using the process shown in the following example:

1. The .gif extension is added to the IgnoreExt parameter. Requests for resources with the .gif extension are be ignored by the Web Agent.
2. A request is made for the following URI:

   /dir1/app.pl/file1.gif,

3. The Web Agent checks /dir1/app.pl/file1.gif against the policy server because some web servers will execute /dir1/app.pl as an application instead of serving the file1.gif resource.

   Granting access to /dir1/app.pl/file1.gif without consulting the web server may have caused a security breach.

To reduce overhead by ignoring the file extensions of unprotected resources, add the extensions of the resources you want to ignore to the value IgnoreExt parameter.