HTTP methods applicable for CSSChecking, BadCSSChars, BadUrlChars ACO parameters
Article ID: 200072
Updated On:
Products
CA Single Sign On Secure Proxy Server (SiteMinder)
CA Single Sign On Agents (SiteMinder)
CA Single Sign On Federation (SiteMinder)
CA Single Sign On SOA Security Manager (SiteMinder)
SITEMINDER
Issue/Introduction
Questions about some ACO parameters.
CSSChecking
- Which HTTP methods are covered?
- Which parts of the HTTP request are covered?
- Which parts of the HTTP response are covered?
BadCSSChars
- Which HTTP methods are covered?
- Which parts of the HTTP request are covered?
- Which parts of the HTTP response are covered?
BadUrlChars
- Which HTTP methods are covered?
- Which parts of the HTTP request are covered?
- Does the method apply to the HTTP response?
BadQueryChars
- Which HTTP methods are covered?
- Which parts of the HTTP request are covered?
- Does the method apply to the HTTP response?
BadFormChars
- Which HTTP methods are covered?
- Which parts of the HTTP response are covered?
- Does the method apply to HTTP requests?
- Does this mechanism apply to all forms rendered from the Web Agent protected Web Application or is it somehow a subset? Either way please detail and explain.
Resolution
CSSChecking
- If set to yes then Web Agent checks for BadCSSChars;
- Applicable to all HTTP methods;
- Does not apply to response;
BadCSSChars
- All HTTP methods are covered;
- Complete URL ( URI + query);
- Does not apply to response;
BadUrlChars
- All HTTP methods are covered;
- Only URL;
- Does not apply to response;
BadQueryChars
- All HTTP methods are covered;
- Only query;
- Does not apply to response;
BadFormChars
- GET and POST HTTP methods and applicable to response only while redirecting users to the forms login page;
- Covers form fields other than target;
Feedback
Yes
No
Powered by
