Limit URLs by Character Length

Article ID: 169098

Products

Advanced Secure Gateway Software - ASG
ProxySG Software - SGOS

Issue/Introduction

By default, the ProxySG appliance handles URL traffic based on incoming or outgoing client-side requests. In some cases (such as reverse proxy deployments), server administrators may need policy to evaluate requested URLs by their character length. This is especially beneficial in preventing Cross-Site Scripting (XSS) attacks.

Resolution

You can create policy to allow or block specific URLs based on a predefined character length. The steps to define this type of policy using the Visual Policy Manager are as follows:


1. Launch the Visual Policy Manager (VPM).
2. From the policy, click Add new Web Access layer.
3. In the new layer's only rule, right-click the destination field.
4. Click Set > New Request URL.
5. In the Regular Expression Match (RegEx) field, type:

^.{1,max}$

Note: In the above expression, replace "max" with the desired maximum character length of URLs to be evaluated. The "1" sets the minimum character length to 1 character, or 1 byte. Although it is possible to modify the minimum length of URLs to be evaluated, this is not recommended, as policy evaluation may not produce the expected results.



6. Click OK to set this as the rule's destination.
7. Right-click the action field and modify it accordingly (in this example we will use a Deny).
8. Click install policy to commit this change.
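
One way to check a candidate value for "max" before installing the policy, as an added example that is not part of the original article: it compiles the article's pattern and splits a list of URLs into those the rule's condition matches and those it does not. The sample URLs are constructed, the function names and the value 64 are hypothetical, and Python's re module stands in for the appliance's regular expression engine, with length counted over the full URL string as an assumption.

```python
import re

def length_pattern(max_len, min_len=1):
    """Compile the article's ^.{1,max}$ pattern for a concrete max."""
    if max_len < min_len:
        raise ValueError("max_len must be >= min_len")
    return re.compile(r"^.{%d,%d}$" % (min_len, max_len))

def split_by_rule(urls, max_len):
    """Split URLs into (matched, unmatched) for the rule's condition.

    The action chosen in step 7 applies only to the matched list.
    """
    pattern = length_pattern(max_len)
    matched, unmatched = [], []
    for url in urls:
        (matched if pattern.fullmatch(url) else unmatched).append(url)
    return matched, unmatched

def boundary_check(max_len):
    """Report behaviour at the edges: empty, exactly max, and max + 1."""
    pattern = length_pattern(max_len)
    return {
        "empty": bool(pattern.fullmatch("")),
        "at_max": bool(pattern.fullmatch("a" * max_len)),
        "over_max": bool(pattern.fullmatch("a" * (max_len + 1))),
    }

# Constructed sample URLs (not taken from any real log).
SAMPLE_URLS = [
    "https://app.example.test/",
    "https://app.example.test/search?q=proxy",
    "https://app.example.test/search?q=" + "A" * 200,
]

if __name__ == "__main__":
    candidate_max = 64  # assumed value, for illustration only
    matched, unmatched = split_by_rule(SAMPLE_URLS, candidate_max)
    print("boundaries:", boundary_check(candidate_max))
    for url in matched:
        print("rule matches  (%3d chars): %s" % (len(url), url))
    for url in unmatched:
        print("no rule match (%3d chars): %s..." % (len(url), url[:60]))
```

Running it against URLs exported from your own access logs shows which requests fall inside the 1-to-max range, and therefore which requests the rule's action will apply to.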
 
