What is the difference between BadURLChars and BadCSSChars?

book

Article ID: 50761

calendar_today

Updated On:

Products

CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On

Issue/Introduction

The clearest way to explain the difference is evolved security with flexibility. We introduced BadURLChars and BadQueryChars first, then added BadCSSChars which blocks things in more detail (multi-level ASCII decode, meaning we check for encoded equivalents of BadCSSChars but we do not do that with BadURLChars). As always we add a new setting rather than changing the behavior of an existing setting to avoid disrupting existing installations. This also enables you to use 2 different error pages if you wish (ServerErrorFile vs. CSSErrorFile). You can read more on that in the webagent configuration guide, section titled "Custom Error Handling For Applications".

Environment

Release:
Component: SMAPC