An unauthorized user can append a false file name, ending in an extension that the Web Agent is configured to ignore, to the end of a URL. The Agent then allows the unauthorized user access to the resource. To have the Web Agent deny access to such attempts, use the following parameter:
SecureApps
Prevents the Web Agent from authorizing URLs from an unauthorized user. If your Web Agent is configured to ignore requests for files ending with certain extensions, an attacker may attempt to access resources by creating a false URL.
For example, if you have a resource with the following URL:
/scripts/myapp
An attacker may attempt to gain access by creating a false URL like the one in the following example:
/scripts/myapp/junk.jpg
If the value of the SecureApps parameter is set to no, the request for /scripts/myapp/junk.jpg is automatically authorized if the Web Agent is set to ignore requests for .jpg files.
If the value of the SecureApps parameter is set to yes, the Web Agent attempts to determine whether the resource is legitimate or the URL is false.
Default: No
To secure applications, set the value of the SecureApps parameter to yes.
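The following Python script is an added example, not part of the original documentation or of the Web Agent. It audits web server access logs for the false-URL pattern described above: a request that ends in an ignored extension but runs through a protected application. The extension list, the protected application list and the log lines are constructed for illustration, and the script does not reproduce how the Web Agent itself decides whether a URL is false.

```python
import posixpath
from urllib.parse import urlsplit, unquote

# Constructed values: substitute your agent's ignore list and protected application URLs.
IGNORED_EXTENSIONS = {".jpg", ".gif", ".png"}
PROTECTED_APPS = {"/scripts/myapp"}

def normalized_path(url):
    """Drop the query string, decode %-escapes and collapse dot segments."""
    return posixpath.normpath(unquote(urlsplit(url).path))

def is_ignored(path):
    """True if an extension-only check would skip authorization (case-insensitive here)."""
    return posixpath.splitext(path)[1].lower() in IGNORED_EXTENSIONS

def app_behind(path):
    """Return the protected application the path runs through, or None."""
    return next((a for a in PROTECTED_APPS if path.startswith(a.rstrip("/") + "/")), None)

def classify(url):
    path = normalized_path(url)
    if not is_ignored(path):
        return "checked"        # no ignored extension: policy is evaluated as usual
    if app_behind(path):
        return "false-url"      # ignored extension appended to a protected application
    return "ignored"            # ordinary static file outside any protected application

def audit(log_lines):
    """Yield (client, url) for requests that match the false-URL pattern."""
    for line in log_lines:
        fields = line.split('"')
        if len(fields) < 3:
            continue            # no quoted request field on this line
        request = fields[1].split()
        if len(request) >= 2 and classify(request[1]) == "false-url":
            yield line.split()[0], request[1]

# Constructed sample access-log lines (common log format).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2010:10:00:00 +0000] "GET /scripts/myapp HTTP/1.1" 302 0',
    '192.0.2.11 - - [01/Jan/2010:10:00:05 +0000] "GET /scripts/myapp/junk.jpg HTTP/1.1" 200 512',
    '192.0.2.12 - - [01/Jan/2010:10:00:09 +0000] "GET /images/logo.jpg HTTP/1.1" 200 2048',
    '192.0.2.13 - - [01/Jan/2010:10:00:12 +0000] "GET /scripts/myapp2/banner.JPG?x=1 HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    print(list(audit(SAMPLE_LOG)))
```

A flagged request that returned a success status while SecureApps was set to no is worth reviewing, since the agent would have passed it without an authorization check.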
Copyright © 2010 CA. All rights reserved.