Reduce Overhead by Ignoring File Extensions of Unprotected Resources

You can reduce SiteMinder overhead by instructing the Web Agent to ignore requests for certain types of resources with the following parameter:

IgnoreExt

Specifies the types of resources for which the Web Agent passes requests to the web server without checking SiteMinder policies. The Web Agent allows access to the items specified by this parameter even if they exist in a realm that is protected by a SiteMinder policy.

Requests for resources that meet either of the following conditions may be ignored:

Default: .class, .gif, .jpg, .jpeg, .png, .fcc, .scc, .sfcc, .ccc, .ntc

Important! Use caution when setting the IgnoreExt parameter. There are some security issues that you may want to consider.

By default, the Agent does not ignore requests for resources that contain two or more periods separated by a slash (/). Web Agents handle requests for resources using the process shown in the following example:

  1. The .gif extension is added to the IgnoreExt parameter. Requests for resources with the .gif extension are ignored by the Web Agent.
  2. A request is made for the following URI:

    /dir1/app.pl/file1.gif

  3. The Web Agent checks /dir1/app.pl/file1.gif against the policy server because some web servers will execute /dir1/app.pl as an application instead of serving the file1.gif resource.

    Granting access to /dir1/app.pl/file1.gif without consulting the web server may have caused a security breach.

To reduce overhead by ignoring the file extensions of unprotected resources, add the extensions of the resources you want to ignore to the value of the IgnoreExt parameter.
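
The decision process described above, modeled in Python as an added example (not SiteMinder code). It covers only the two rules this page states, the IgnoreExt match and the exception for periods separated by a slash; the function names, the exact-match comparison, and the sample paths are assumptions made for illustration.

```python
# Simplified model of the IgnoreExt decision; not SiteMinder code.
# Covers only the rules stated on this page.

DEFAULT_IGNORE_EXT = (".class", ".gif", ".jpg", ".jpeg", ".png",
                      ".fcc", ".scc", ".sfcc", ".ccc", ".ntc")


def extension_of(path):
    """Return the extension of the final path segment, or '' if none."""
    last = path.rsplit("/", 1)[-1]
    dot = last.rfind(".")
    return last[dot:] if dot != -1 else ""


def periods_separated_by_slash(path):
    """True when periods occur in two or more different path segments."""
    return sum("." in seg for seg in path.split("/")) >= 2


def agent_decision(path, ignore_ext=DEFAULT_IGNORE_EXT):
    """Return 'ignore' (passed to the web server unchecked) or 'check-policy'."""
    # Assumption: extensions are compared exactly as configured.
    if extension_of(path) not in ignore_ext:
        return "check-policy"
    # /dir1/app.pl/file1.gif: app.pl may run as an application.
    if periods_separated_by_slash(path):
        return "check-policy"
    return "ignore"


def unchecked_paths(paths, ignore_ext=DEFAULT_IGNORE_EXT):
    """List the paths that would bypass policy checks, for review."""
    return [p for p in paths if agent_decision(p, ignore_ext) == "ignore"]


# Constructed sample paths, not taken from a real site.
SAMPLE_PATHS = [
    "/images/logo.gif",
    "/dir1/app.pl/file1.gif",
    "/protected/diagram.png",
    "/reports/q3.pdf",
    "/v1.2/static/icon.png",
]

if __name__ == "__main__":
    for p in SAMPLE_PATHS:
        print(f"{agent_decision(p):13} {p}")
```

Running unchecked_paths over a URL inventory before adding an extension to IgnoreExt shows which resources, including those inside protected realms, would then be served without a policy check.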