ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.
What is the difference between BadURLChars and BadCSSChars?
Article ID: 50761
Updated On:
Products
CA Single Sign On Secure Proxy Server (SiteMinder)
CA Single Sign On SOA Security Manager (SiteMinder)
CA Single Sign-On
Issue/Introduction
The clearest way to explain the difference is evolved security with flexibility. We introduced BadURLChars and BadQueryChars first, then added BadCSSChars which blocks things in more detail (multi-level ASCII decode, meaning we check for encoded equivalents of BadCSSChars but we do not do that with BadURLChars). As always we add a new setting rather than changing the behavior of an existing setting to avoid disrupting existing installations. This also enables you to use 2 different error pages if you wish (ServerErrorFile vs. CSSErrorFile). You can read more on that in the webagent configuration guide, section titled "Custom Error Handling For Applications".
Environment
Release:
Component: SMAPC
Component: SMAPC
Feedback
Yes
No
Powered by
