URL BadQueryChars: /myURI/MyServlet;variable=value in Web Agent
search cancel

URL BadQueryChars: /myURI/MyServlet;variable=value in Web Agent

book

Article ID: 77169

calendar_today

Updated On:

Products

CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On SITEMINDER

Issue/Introduction

 

When running a Web Agent protecting an application, the browser gets the following errors when accessing the URL '/myURI/MyServlet;variable=value':

   "URL contains invalid characters. Exiting with HTTP 500 server error '00-0002'."

In the ACO, the following parameters are defined:

BadUrlChars=//,./,/.,/*,*.,~,/,%00-%1f,%7f-%ff,%25
BadQueryChars=<,>,;,),(,+,%00

When removing the semicolon character from the BadQueryChars then the browser can access the URL above, but as there is no query string in the URL, why it is complaining about BadQueryChars, there's even no semicolon defined in the BadUrlChars parameter?

 

Environment

 

Web Agent R12.52 SP1 CR05

 

Cause

 

As per documentation (1)(2), BadQueryChars "specifies characters that the Web Agent prohibits in the query string portion (following the '?') in a URL." When the URL does not contain a '?' character, the Agent is checking the whole URL for BadQueryChars

This issue is fixed in Web Agent 12.52SP1CR09 (3).

 

Resolution

 

Upgrade to version 12.52SP1CR09 to fix this issue.

 

Additional Information

 

(1)

    Specify Bad Query Characters
    

(2)

    Specify Bad URL Characters
    

(3)

    Web Agent

      00932392 DE340263 
      The BadQueryChars ACO parameter incorrectly checks the entire URL if there is no query string.

 

Powered by Wolken Software