search cancel

What is the difference between BadURLChars and BadCSSChars?


Article ID: 50761


Updated On:


CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On


The clearest way to explain the difference is evolved security with flexibility. We introduced BadURLChars and BadQueryChars first, then added BadCSSChars which blocks things in more detail (multi-level ASCII decode, meaning we check for encoded equivalents of BadCSSChars but we do not do that with BadURLChars). As always we add a new setting rather than changing the behavior of an existing setting to avoid disrupting existing installations. This also enables you to use 2 different error pages if you wish (ServerErrorFile vs. CSSErrorFile). You can read more on that in the webagent configuration guide, section titled "Custom Error Handling For Applications".


Component: SMAPC