Requests not getting processed containing special characters
Article ID: 185585
Updated On:
Products
CA API Gateway
API SECURITY
CA API Gateway Precision API Monitoring Module for API Gateway (Layer 7)
CA API Gateway Enterprise Service Manager (Layer 7)
STARTER PACK-7
CA Microgateway
Issue/Introduction
We are facing an issue in our Production and lower environment where the requests are not getting processed if they contain any special characters.
As of now we have seen issue with '$' and '&'. For handling the issue we are escaping the characters by using "Evaluate Regular Expression" assertion.
Can you please provide the list of special characters that causes the issue and also if there is any other way to resolve the issue so that we don't have to updated our every API's individually.
Environment
Release : 9.2
Component : API GTW ENTERPRISE MANAGER
Cause
When constructing HTML/XML/JSON document using input directly from the user its essential to escape HTML special characters to avoid insertion attacks.
Gateway must check the validity of all data inputs except those specially identified by the customer's business needs.
Gateway must check the validity of all data inputs except those specially identified by the customer's business needs.
Resolution
If the data is sent/received via URL, then the users can use Encode/Decode Data Assertion. What if the destination is BODY and the format is XML, then you cannot encode the data using URL encoding rules so you need to use regular expression. In order to bypass any special characters, you need to add them in your policy using regex expressions as depicted below ..
Feedback
Yes
No
Powered by
