Trend Micro - Securing Your Journey to the Cloud Business
Support
Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

Modifying the list of URI characters that Deep Security Agent considers illegal

    • Updated:
    • 18 Aug 2017
    • Product/Version:
    • Deep Security 10.0
    • Deep Security 10.1
    • Deep Security 9.0
    • Deep Security 9.5
    • Deep Security 9.6
    • Deep Security as a Service 2.0
    • Platform:
    • Unix - Solaris (Sun) version 10 (SunOS 5.10)
    • Unix - Solaris (Sun) version 8 (SunOS 5.8)
    • Unix - Solaris (Sun) version 9 (SunOS 5.9)
    • Windows 2000 Professional
    • Windows 2003 Standard Server Edition
    • Windows 2008 Standard Server Edition
    • Windows Vista 32-bit
Summary

By default, Deep Security considers the following characters illegal according to RFC2396 and RFC3986:

DecimalHexValue
00000NUL (Null character
00101SOH (Start of Header)
00202STX (Start of Text)
00303ETX (End of Text)
00404EOT (End of Transmission)
00505ENQ (Enquiry)
00606ACK (Acknowledgement)
00707BEL (Bell)
00808BS (Backspace)
00909HT (Horizontal Tab)
0100ALF (Line Feed)
0110BVT (Vertical Tab)
0120CFF (Form Feed)
0130DCR (Carriage Return)
0140ESO (Shift Out)
0150FSI (Shift In)
01610DLE (Data Link Escape)
01711DC1 (XON) (Device Control 1)
01812DC2 (Device Control 2)
01913DC3 (XOFF)(Device Control 3)
02014DC4 (Device Control 4)
02115NAK (Negative Acknowledgement)
02216SYN (Synchronous Idle)
02317ETB (End of Trans. Block)
02418CAN (Cancel)
02519EM (End of Medium)
0261ASUB (Substitute)
0271BESC (Escape)
0281CFS (File Separator)
0291DGS (Group Separator)
0301ERS (Request to Send)(Record Separator)
0311FUS (Unit Separator)
03220SP (Space)
03523#
03927'
0603C<
0623E>
0915B[
0935D]
0945E^
09660`
1237B{
1247C}
1257D|
>127>7FExtended Ascii Characters
Details
Public

Today, many web applications may use some of the illegal characters listed above in URL requests. If you see an illegal character in the URI events in your DPI event logs, you may need to modify the Deep Security Agent (DSA) configuration to allow certain characters.

To allow characters from Hex 00 to Hex 7F, you need to configure the HTTP Protocol Decoding IPS filter by doing the following: 

  1. Open the properties of the filter and then click the Configuration tab.
  2. Tick the Use a custom list of characters disallowed in a URI check box.

    You will see the characters listed in the Raw section (not URI encoded) are the characters not allowed in all parts of URI box.

    HTTP Protocol Decoding Properties

  3. Remove the characters that you would like to exempt from the illegal character list.
  4. Click OK to close the filter properties window.
 
The list can be customized globally and at the security profile and host levels.
Premium
Internal
Rating:
Category:
Configure
Solution Id:
1054481
Feedback
Did this article help you?

Thank you for your feedback!

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.
Related Articles