BadUrlChars parameter in ACO has "//" by default.
But it does not block URL contains "//".
BadURLChars will work on the URL received by webagent from webserver.
If the URL contains "//" then webagent will block.
Observerations from IIS and Apache:
IIS:
User entered http://server1.broadcom.net:80/error//dummy.html, url received by WA is http://server1..broadcom.net:80/error/dummy.html.
IIS is truncating an extra /. since the URL received by WA does not contain // url is not blocked.
Apache:
Here the URL is send as it is , so the URL contains // and is blocked.
Component : SITEMINDER -WEB AGENT
Basically WA is working as expected. The difference is in the functionality of webservers.