DisableDotDotRule Rule

Article Id: 141604

Status: Published

Updated On: 10-12-2019 15:06

Products:

CA Single Sign On Secure Proxy Server (SiteMinder) , CA Single Sign On Agents (SiteMinder) , SITEMINDER , SITEMINDER

Issue/Introduction:

Is there a way we can identify which apps/aco are really using DisableDotDotRule ACO parameter?

Environment:

Release : All

Component : SITEMINDER

Resolution:

Scan the web server access logs for request URLs that have more than one dot separated by a slash. These are the URLs that would normally trigger the double dot rule.