Web Policy Agents 2023.3

Invalid URL Regular Expression

A Perl-compatible or ECMAScript-compatible (IIS) regular expression to parse valid request URLs. The agent rejects requests to invalid URLs with HTTP 403 Forbidden status without further processing.

For example, to filter out URLs containing a list of characters and words such as … %00-%1f, %7f-%ff, %25, %2B, %2C, %7E, configure the following regular expression:

com.forgerock.agents.agent.invalid.url.regex=http[s]?:\/\/[^\/]+\/(?i)(?!\\|[?]\/\/|\.\/|[?]\/\.|\/\|\\.|~|[?]%2d|%20|[?]%[0-1][0-9a-f]|%[7-9a-f][0-9a-f]|[?]%25)[?]?.

Default: Empty
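
A pattern for this property is worth checking against known-good and known-bad URLs before it goes into the agent configuration. The following added example (not ForgeRock code) does that in JavaScript with a constructed pattern covering the percent-encoded sequences listed above. It assumes a URL counts as valid only when the pattern matches it in full; the function names, host name and sample URLs are made up for illustration.

```javascript
// Added example: pattern, function names and URLs are constructed for
// illustration; they are not ForgeRock's shipped values.
// Assumption: a URL is valid only when the pattern matches the whole URL.
const VALID_URL = new RegExp(
  "^https?://[^/]+/" +            // scheme, host[:port], first slash
  "(?:(?!" +                      // at each position, refuse to continue at:
    "%[01][0-9a-fA-F]" +          //   %00-%1f  control characters
    "|%7[eEfF]" +                 //   %7E (~) and %7f (DEL)
    "|%[89a-fA-F][0-9a-fA-F]" +   //   %80-%ff  non-ASCII bytes
    "|%2[5bBcC]" +                //   %25 (%), %2B (+), %2C (,)
  ").)*$"                         // otherwise consume one character, to the end
);

// "403" mirrors the agent's documented response to an invalid URL.
function agentDecision(url, pattern = VALID_URL) {
  return pattern.test(url) ? "continue" : "403";
}

// Run a whole list so a pattern change can be reviewed as a table.
function review(urls, pattern = VALID_URL) {
  return urls.map((url) => ({ url, decision: agentDecision(url, pattern) }));
}

const SAMPLE_URLS = [
  "https://app.example.com/index.html?x=1",   // plain request
  "https://app.example.com/a%20b%2Fc",        // %20 and %2F are not listed
  "https://app.example.com/a%00b",            // NUL byte
  "https://app.example.com/a%252e",           // double encoding via %25
  "https://app.example.com/q?a=1%2B2",        // %2B
  "https://app.example.com/%7Euser",          // %7E
  "https://app.example.com/%C0%AF",           // high bytes
  "https://app.example.com/a%0d%0ab",         // CR LF
];

for (const { url, decision } of review(SAMPLE_URLS)) {
  console.log(decision.padEnd(9), url);
}
```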

Property name

com.forgerock.agents.agent.invalid.url.regex
  Introduced in Web Agent 4.x

Type

String

Bootstrap property

No

Required property

No

Restart required

No

AM console

Tab: Miscellaneous (From AM 7)

Title: Invalid URL Regular Expression

Copyright © 2010-2023 ForgeRock, all rights reserved.