Requests not getting processed containing special characters

book

Article ID: 185585

calendar_today

Updated On:

Products

CA API Gateway API SECURITY CA API Gateway Precision API Monitoring Module for API Gateway (Layer 7) CA API Gateway Enterprise Service Manager (Layer 7) STARTER PACK-7 CA Microgateway

Issue/Introduction

We are facing an issue in our Production and lower environment where the requests are not getting processed if they contain any special characters.

As of now we have seen issue with '$' and '&'. For handling the issue we are escaping the characters by using "Evaluate Regular Expression" assertion.

Can you please provide the list of special characters that causes the issue and also if there is any other way to resolve the issue so that we don't have to updated our every API's individually.

 

Cause

When constructing HTML/XML/JSON document using input directly from the user its essential to escape HTML special characters to avoid insertion attacks. 
Gateway must check the validity of all data inputs except those specially identified by the customer's business needs.

Environment

Release : 9.2

Component : API GTW ENTERPRISE MANAGER

Resolution

If the data is sent/received via URL, then the users can use Encode/Decode Data Assertion.  What if the destination is BODY and the format is XML, then you cannot encode the data using URL encoding rules so you need to use regular expression.  In order to bypass any special characters, you need to add them in your policy using regex expressions as depicted below ..




Attachments