|
|
|
The IgnoreExtensions element lists the file extensions that the SAML Affiliate Agent ignores when a request is received. The default values (.gif, .jpeg, .png, .ccc) are the most common file extensions for the SAML Affiliate Agent to ignore. This setting instructs the Agent to pass requests for files with these extensions directly to the web server. Extensions are included in the IgnoreExtensions element because they specify types of files that do not require as much security as other resources.
The SAML Affiliate Agent ignores extensions if the URI of the protected resource contains only one period (.), for example, /image.gif. In this example, the SAML Affiliate Agent passes the request directly to the web server.
If the URI has two or more periods, the SAML Affiliate Agent does not ignore the extension. The SAML Affiliate Agent cannot determine how to interpret the two periods so it cannot figure out which part of the URI represents the resource that the server delivers. For example, if the URI is /dir1/app.pl/file1.new.gif, the SAML Affiliate Agent thinks the resource is protected and will not pass the request to the web server even though .gif is specified in the IgnoreExtensions element.
Note the following when adding extensions to the IgnoreExtensions element:
For example:
<IgnoreExtensions>.gif .jpeg .png .ccc</IgnoreExtensions>
Note: To protect URLs that do not have periods, ensure that protected resources do not have extensions in the IgnoreExtensions element.
| Copyright © 2011 CA. All rights reserved. | Email CA Technologies about this topic |