Web Policy Agents 5.9.1

Ignore Path Info in Request URLs

When true, strip path info from the request URL while doing the Not-Enforced List check, and URL policy evaluation. This is designed to prevent a user from accessing a URI by appending the matching pattern in the policy or not-enforced list.

For example, if the not-enforced list includes http://host/*.gif, then stripping path info from the request URI prevents access to http://host/index.html by using http://host/index.html?hack.gif.

However, when a web server is configured as a reverse proxy for a Java application server, the path info is interpreted to map a resource on the proxy server rather than the application server. This prevents the not-enforced list or the policy from being applied to the part of the URI below the application server path if a wildcard character is used.

For example, if the not-enforced list includes http://host/webapp/servcontext/* and the request URL is http://host/webapp/servcontext/example.jsp, the path info is /servcontext/example.jsp and the resulting request URL with path info stripped is http://host/webapp/, which does not match the not-enforced list. Thus when this property is enabled, path info is not stripped from the request URL even if there is a wildcard in the not-enforced list or policy.

When this property is true, make sure that nothing follows the wildcard in the not-enforced list or policy.

The NGINX Plus web agent does not support this setting.

Default: false

Property name


Property aliases

com.sun.identity.agents.config.ignore.path.info (since 4.x)


Boolean: true returns true; all other strings return false.

Bootstrap property


Required property


Restart required


AM console tab


Copyright © 2010-2023 ForgeRock, all rights reserved.