Web Policy Agents 5.10

Ignore Path Info in Request URLs

When true, while doing the not-enforced list check and URL policy evaluation, strip path info from the request URL. Use this property to match to the URL without PATHINFO, as defined by the apache or IIS servers.

Example:

  • If Not-Enforced URL List includes http://host/*.gif, then stripping path info from the request URI prevents access to http://host/index.html by using http://host/index.html?hack.gif.

However, when a web server is configured as a reverse proxy for a Java application server, the path info is interpreted to map a resource on the proxy server rather than the application server. This prevents the not-enforced list or the policy from being applied to the part of the URI below the application server path if a wildcard character is used.

Example:

  • If Not-Enforced URL List includes http://host/webapp/servcontext/* and the request URL is http://host/webapp/servcontext/example.jsp, the path info is /servcontext/example.jsp. When the path info stripped is, the resulting request URL is http://host/webapp/, which does not match the not-enforced list. Therefore, when this property is enabled, path info is not stripped from the request URL even if there is a wildcard in the not-enforced list or policy.

When this property is true, make sure that nothing follows a wildcard in the not-enforced list or policy.

The NGINX Plus Web Agent does not support this setting.

Default: false

Property name

com.sun.identity.agents.config.ignore.path.info
  Introduced in Web Agent 4.x

Type

Boolean: true returns true; all other strings return false.

Bootstrap property

No

Required property

No

Restart required

No

AM console

Tab: Miscellaneous

Title: Ignore Path Info in Request URLs

Copyright © 2010-2022 ForgeRock, all rights reserved.