Ignore Path Info in Request URLs
Not for ISAPI or NGINX Plus Web Agent. |
When true
, while doing the not-enforced list check and URL policy evaluation, strip path info from the request URL. Use this property to match to the URL without PATHINFO, as defined by the apache or IIS servers.
Example:
-
If Not-Enforced URL List includes
http://host/*.gif
, then stripping path info from the request URI prevents access tohttp://host/index.html
by usinghttp://host/index.html?hack.gif
.
However, when a web server is configured as a reverse proxy for a Java application server, the path info is interpreted to map a resource on the proxy server rather than the application server. This prevents the not-enforced list or the policy from being applied to the part of the URI below the application server path if a wildcard character is used.
Example:
-
If Not-Enforced URL List includes
http://host/webapp/servcontext/*
and the request URL ishttp://host/webapp/servcontext/example.jsp
, the path info is/servcontext/example.jsp
. When the path info stripped is, the resulting request URL ishttp://host/webapp/
, which does not match the not-enforced list. Therefore, when this property is enabled, path info is not stripped from the request URL even if there is a wildcard in the not-enforced list or policy.
When this property is true
, make sure that nothing follows a wildcard in the not-enforced list or policy.
Default: false
Property name |
|
Function |
Ignore path info |
Type |
Boolean: |
Bootstrap property |
No |
Required property |
No |
Restart required |
No |
AM console |
Tab: Title: |