Modifying the list of URI characters that Deep Security Agent considers illegal

- Updated:
- 18 Aug 2017
- Product/Version:
- Deep Security 10.0
- Deep Security 10.1
- Deep Security 9.0
- Deep Security 9.5
- Deep Security 9.6
- Deep Security as a Service 2.0
- Platform:
- Unix - Solaris (Sun) version 10 (SunOS 5.10)
- Unix - Solaris (Sun) version 8 (SunOS 5.8)
- Unix - Solaris (Sun) version 9 (SunOS 5.9)
- Windows 2000 Professional
- Windows 2003 Standard Server Edition
- Windows 2008 Standard Server Edition
- Windows Vista 32-bit

Summary

By default, Deep Security considers the following characters illegal according to RFC2396 and RFC3986:

Decimal	Hex	Value
000	00	NUL (Null character
001	01	SOH (Start of Header)
002	02	STX (Start of Text)
003	03	ETX (End of Text)
004	04	EOT (End of Transmission)
005	05	ENQ (Enquiry)
006	06	ACK (Acknowledgement)
007	07	BEL (Bell)
008	08	BS (Backspace)
009	09	HT (Horizontal Tab)
010	0A	LF (Line Feed)
011	0B	VT (Vertical Tab)
012	0C	FF (Form Feed)
013	0D	CR (Carriage Return)
014	0E	SO (Shift Out)
015	0F	SI (Shift In)
016	10	DLE (Data Link Escape)
017	11	DC1 (XON) (Device Control 1)
018	12	DC2 (Device Control 2)
019	13	DC3 (XOFF)(Device Control 3)
020	14	DC4 (Device Control 4)
021	15	NAK (Negative Acknowledgement)
022	16	SYN (Synchronous Idle)
023	17	ETB (End of Trans. Block)
024	18	CAN (Cancel)
025	19	EM (End of Medium)
026	1A	SUB (Substitute)
027	1B	ESC (Escape)
028	1C	FS (File Separator)
029	1D	GS (Group Separator)
030	1E	RS (Request to Send)(Record Separator)
031	1F	US (Unit Separator)
032	20	SP (Space)
035	23	#
039	27	'
060	3C	<
062	3E	>
091	5B	[
093	5D	]
094	5E	^
096	60	`
123	7B	{
124	7C	}
125	7D	\|
>127	>7F	Extended Ascii Characters

Details

Today, many web applications may use some of the illegal characters listed above in URL requests. If you see an illegal character in the URI events in your DPI event logs, you may need to modify the Deep Security Agent (DSA) configuration to allow certain characters.

To allow characters from Hex 00 to Hex 7F, you need to configure the HTTP Protocol Decoding IPS filter by doing the following:

Open the properties of the filter and then click the Configuration tab.
Tick the Use a custom list of characters disallowed in a URI check box.
You will see the characters listed in the Raw section (not URI encoded) are the characters not allowed in all parts of URI box.
Remove the characters that you would like to exempt from the illegal character list.
Click OK to close the filter properties window.

The list can be customized globally and at the security profile and host levels.

Test Now

Rating:

Category:

Configure

Solution Id:

1054481

Feedback

Did this article help you?

Thank you for your feedback!

What was the problem with this article?

The image(s) in the article did not display properly.

The article did not provide detailed procedure.

The article is hard to understand and follow.

The video did not play properly.

The article did not resolve my issue.

Others. Please specify.

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:

We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support

Thanks for voting.

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:

We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

Need More Help?

Modifying the list of URI characters that Deep Security Agent considers illegal