DisableDotDotRule Rule

book

Article ID: 141604

calendar_today

Updated On:

Products

CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On Agents (SiteMinder) SITEMINDER

Issue/Introduction

Is there a way we can identify which apps/aco are really using DisableDotDotRule ACO parameter?

Environment

Release : All

Component : SITEMINDER

Resolution

Scan the web server access logs for request URLs that have more than one dot separated by a slash.  These are the URLs that would normally trigger the double dot rule.