SPS intercepts the space or %20 as bad character in URL URLHandling
search cancel

SPS intercepts the space or %20 as bad character in URL URLHandling

book

Article ID: 14824

calendar_today

Updated On:

Products

CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On SITEMINDER

Issue/Introduction

 

When running a CA Access Gateway (SPS) to protect resources, it is blocked and returns an error page if the request contains a space char or a %20.

The browser tries to get this page, and CA Access Gateway (SPS) blocks the access:

  http://myhost.mydomain.com/basic/basic%20in/page.html 

The Web Agent logs the line:

    URL contains invalid characters. Exiting with HTTP 500 server error '00-0002'. 

The ACO parameter BadUrlChars, there's no %20 defined:

      BadUrlChars = //,./,/.,/*,*.,˜,\,%00-%1f,%7f-%ff,%25

Resolution

 

The behavior seen is by design. The difference is that there are 2 different types of Agents: a Reverse Proxy and a Regular Web Agent.

In the Reverse Proxy Agent, the Web Agent doesn't decode the URL. The Reverse Proxy Agent has to pass directly the URL as is to the backend server. If the URL contains a bad char, then it will block the request. In this use case, the BadUrlChars has %25 (%), and the Reverse Proxy Agent blocks the access.

In the Web Agent, the Agent decodes the URL. So the %20 will be handled as a space, and not just as a "%", a "2" and a "0". As such, as it doesn't meet the value of the BadUrlChars, the Web Agent won't block the request as badurlchars.