Message Image

Skip main navigation (Press Enter).

Symantec Access Management

View Only

Back to discussions

Expand all | Collapse all

Tech Tip: SPS URLHandling: SPS intercepts the space or its unicode value %20 as bad character in the URL

1. Tech Tip: SPS URLHandling: SPS intercepts the space or its unicode value %20 as bad character in the URL

0 Recommend
Julien_Nitot
Posted Jun 28, 2017 06:02 AM

Reply Reply Privately
Question
When we use an SPS to protect resources, if it contains a space char or a %20, it is blocked and returns and error page.
We try to gets this page, and SPS blocks the access :

http://myhost.mydomain.com/basic/basic%20in/page.html

and the Web Agent logs the line :

URL contains invalid characters. Exiting with HTTP 500 server error '00-0002'.

We've defined the in ACO, there's no %20.

BadUrlChars = //,./,/.,/*,*.,˜,\,%00-%1f,%7f-%ff,%25

Why do we see this behavior ?

Answer
The behavior seen is by design. The difference you see is because you have 2 different types of Agent : a Reverse Proxy one and a Regular Web Agent.
In the Reverse Proxy Agent, we don't decode the url. The Reverse Proxy Agent has to pass directly the URL as is to the backend server. If the URL contains a bad char, then it will block the request. In this use case, the BadUrlChars has %25 (%), the Reverse Proxy Agent blocks the access.
In the Web Agent, we decode the url. So the %20 will be handled as a space, and not just as a "%", a "2" and a "0". As such, as it doesn't meet the value of the BadUrlChars, the Web Agent won't block the request as badurlchars.

KD: TEC1815824

Copyright 2019. All rights reserved.

Powered by Higher Logic