When a URL contains a %27 (') apostrophe (single quote) character,
CA Access Gateway (SPS) returns a 403 error and does not send the
request to the backend server.
We see CA Access Gateway (SPS) blocking the request:
fiddler.saz :
Line 2 :
GET https://myserver.mydomain.com/myapp/myvariable?name=Joe+D%27Imagio&city=NewYork
HTTP/1.1 403 Forbidden
Date: Tue, 27 Apr 2021 14:29:52 GMT
Server: Apache/2.4.39 (Unix) mod_jk/1.2.46
CA Access Gateway - Error Report
Error Details
Request URI : /myapp/myvariable
Error Type : SPS Exception
Error Code : WebAgentException
Error Message : Web agent has thrown error. More details in SPS logs.
According to the documentation, two ACO parameters block the '
character in URLs by default: CSSChecking and BadCSSChars:
Help Prevent Attacks
CSSChecking
Enable this parameter to configure the Web Agent to scan a full URL,
including the query string, for escaped and unescaped versions of
the following default character set:
left and right angle brackets (< >)
single quote (')
Default: Yes
[...]
Override the Default CSS Character Set
By default, the agent checks for the following default cross-site
scripting character set:
Left and right angle brackets (< >)
Single quote (')
BadCSSChars
Default: <,',> (A comma separates the characters.)
https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/siteminder/12-8/configuring/web-agent-configuration/user-protection/help-prevent-attacks.html
Changing the values of the CSSChecking and BadCSSChars parameters so
that they no longer block the ' character made the calls succeed.
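
The following is an added example, not code from the product or its documentation. It approximates the documented CSSChecking scan (escaped and unescaped forms of each BadCSSChars entry, over the full URL including the query string), so a list of application URLs can be audited to find the narrowest BadCSSChars change that is needed. The function names, the matching rules and the sample URLs other than the one from the trace are assumptions.

```python
# Added example: approximates the CSSChecking scan described in the documentation.
# It is not the Web Agent's implementation; the matching rules are an assumption.

DEFAULT_BAD_CSS_CHARS = "<,',>"  # documented default for BadCSSChars


def parse_bad_css_chars(value):
    """Split a comma-separated BadCSSChars value into its entries."""
    return [c for c in value.split(",") if c]


def find_blocked_chars(url, bad_css_chars=DEFAULT_BAD_CSS_CHARS):
    """Return (char, form) pairs found in the full URL, query string included."""
    hits = []
    lowered = url.lower()
    for ch in parse_bad_css_chars(bad_css_chars):
        if ch in url:
            hits.append((ch, "unescaped"))
        # Percent-encoded form, compared case-insensitively (%3C equals %3c).
        escaped = "".join("%{:02x}".format(b) for b in ch.encode("utf-8"))
        if escaped in lowered:
            hits.append((ch, "escaped"))
    return hits


def audit(urls, bad_css_chars=DEFAULT_BAD_CSS_CHARS):
    """Map each URL that would be flagged to the characters that triggered it."""
    report = {}
    for url in urls:
        hits = find_blocked_chars(url, bad_css_chars)
        if hits:
            report[url] = hits
    return report


# Constructed sample: the first URL is the one from the trace above,
# the other two are made up for the comparison.
SAMPLE_URLS = [
    "https://myserver.mydomain.com/myapp/myvariable?name=Joe+D%27Imagio&city=NewYork",
    "https://myserver.mydomain.com/myapp/myvariable?name=Ann&city=NewYork",
    "https://myserver.mydomain.com/myapp/search?q=%3Cb%3E",
]

if __name__ == "__main__":
    for url, hits in audit(SAMPLE_URLS).items():
        print(url, hits)
    # With ' removed from the set, only the angle-bracket URL is still flagged.
    print(audit(SAMPLE_URLS, "<,>"))
```

Running the audit with the candidate BadCSSChars value before changing the ACO shows which requests stay blocked, which lets the angle-bracket checks remain in place while the apostrophe is allowed.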