Symantec Access Management

 View Only
  • 1.  Apache web agent CSS checking/Bad URL characters

    Posted Oct 18, 2017 02:20 PM

    Hi Folks,


    I have a strange issue here and haven't had luck getting answer or help from CA Support so turning to good trusty CA Community for help.


    This should be pretty straight forward but potentially be some kind of web agent bug because the agent is complaining of BAD CSS/URL character detected but these parameters are disabled in the ACO.


    SMPS = r12.52 SP1 CR05 REHL

    Apache web agent = r12.0 SP3 CR10 REHL


    zip   1 KB 1 version
    zip   7 KB 1 version

  • 2.  Re: Apache web agent CSS checking/Bad URL characters
    Best Answer

    Posted Oct 18, 2017 03:21 PM

    There are two ACO Parameters for CSS Checks.


    BadCssChars=<Character List>.



    If we set

    #BadCssChars=<Character List>.

    CSSChecking is not defined in ACO.


    It means CSSChecking is enabled by default. And WebAgent will perform CSSChecking against an inbuilt hardcoded list even though BadCssChars is disabled.


    Did we set CssChecking=NO, restart WebAgent and try?


    The AgentLog show no CSSChecking value. Which means WebAgent would use "default' i.e. YES.



    Reference : 

    Help Prevent Attacks - CA Single Sign-On - 12.52 SP1 - CA Technologies Documentation 

  • 3.  Re: Apache web agent CSS checking/Bad URL characters

    Posted Oct 18, 2017 03:52 PM



    You are absolutely correct!


    I thought that if I "disable" the CSSchecking parameter with the "#" flag then that would disable CSSchecking, but apparently if I disable the parameter then it gets "enable" by default.  To resolve, I remove the "#" flag for this parameter and then gave it a value of "no" and this indeed disabled the CSSchecking.


    Much thanks for the help and fast response!


    Duc Tran.