Web Agents 2024.3

Invalid URL Regular Expression

A Perl-compatible or ECMAScript-compatible (IIS) regular expression to parse valid request URLs. The agent rejects requests to invalid URLs with HTTP 403 Forbidden status without further processing.

For example, to filter out URLs containing a list of characters and words such as …​ %00-%1f, %7f-%ff, %25, %2B, %2C, %7E, configure the following regular expression:

com.forgerock.agents.agent.invalid.url.regex=http[s]?:\/\/[^\/]+\/(?i)(?!\\|[?]\/\/|\.\/|[?]\/\.|\/\|\\.|~|[?]%2d|%20|[?]%[0-1][0-9a-f]|%[7-9a-f][0-9a-f]|[?]%25)[?]?.

Default: Empty

Property name

com.forgerock.agents.agent.invalid.url.regex
  Introduced in Web Agent 4.x

Function

URL handling

Type

String

Bootstrap property

No

Required property

No

Restart required

No

AM console

Tab: Miscellaneous (From AM 7)

Title: Invalid URL Regular Expression
Copyright © 2010-2024 ForgeRock, all rights reserved.