Override the Default CSS Character Set

To override the default cross-site scripting character set, enter a character set of your choice for the BadCSSChars parameter. Include the entire string of characters that you want. For example, if you set the BadCSSChars parameter to <,>, the Web Agent scans only for the left and right angle brackets.

If the Web Agent detects a problem related to the character set, it returns an Access Denied message to the user and logs the following message in the Agent error log:

Caught Possible Cross Site Scripting Violation in URL. Exiting with HTTP 403 ACCESS FORBIDDEN.

Some applications require the use of quote characters in the query string, irrespective of the web server platform. For example, some Domino applications, such as iNotes Web Access, require the use of single quotes.

To use applications that require quotes in the query string, remove quotation marks from the BadCssChars parameter.

If you do not use this parameter, the Web Agent checks for the default character set.
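One way to see which known-good application URLs a candidate character set would reject before you change the parameter. This is an added example, not CA code: it models the check as a plain character match on the raw and percent-decoded query string, assumes the setting is a comma-separated list of literal characters, and uses constructed sample URLs.

```python
from urllib.parse import urlsplit, unquote


def parse_bad_chars(value):
    """Split a setting such as "<,>" into a set of characters (assumed syntax)."""
    return {tok.strip() for tok in value.split(",") if tok.strip()}


def blocked_chars(url, bad_chars):
    """Return the configured characters present in the query string.

    Both the raw and the percent-decoded query are inspected, so an encoded
    character such as %3C counts as a match (modelling assumption).
    """
    query = urlsplit(url).query
    candidates = query + unquote(query)
    return sorted(c for c in bad_chars if c in candidates)


def audit(urls, setting):
    """Map each URL the modelled check would reject to the triggering characters."""
    bad = parse_bad_chars(setting)
    hits = {}
    for url in urls:
        found = blocked_chars(url, bad)
        if found:
            hits[url] = found
    return hits


# Constructed sample URLs (not from the original page).
SAMPLE_URLS = [
    "/mail/inbox.nsf?OpenForm&view='Inbox'",   # application that needs single quotes
    "/app/search?q=status%3Copen",             # encoded left angle bracket
    "/app/search?q=quarterly+totals",          # no configured characters
]

if __name__ == "__main__":
    # Compare a set that includes the single quote with one that omits it.
    for setting in ("<,>,'", "<,>"):
        print("BadCSSChars =", setting)
        for url, chars in audit(SAMPLE_URLS, setting).items():
            print("  would be denied:", url, chars)
```

Running it against URLs sampled from your own access logs shows whether removing the quote characters is enough for the application to work, and which requests would still produce the 403 message above.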

Note: For more information about cross-site scripting, go to CERT Advisory.


Copyright © 2010 CA. All rights reserved.