Sun OpenSSO Enterprise Policy Agent 3.0 Guide for Microsoft Internet Information Services (IIS) 6.0

Ignoring the Path for Not Enforced URLs (Optional)

The com.sun.identity.agents.config.ignore.path.info.for.not.enforced.list property indicates whether the path information and query should be removed from the request URL before it is compared with not-enforced URLs, when those URLs have a wildcard (*) character.

For security reasons, this property should be set to true. Otherwise, a request for a protected resource can match a wildcard not-enforced URL through path information appended to the request URL. For example, if a not-enforced URL such as http://host/*.gif exists, someone can access http://host/index.html by using the request URL http://host/index.html/hack.gif.

The default value for com.sun.identity.agents.config.ignore.path.info.for.not.enforced.list is true. If necessary, you can set this property in the OpenSSO Console.
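The following added example (not part of the original guide and not the agent's own code) models the comparison described above, so you can see which requests skip enforcement with the property set to false and to true. It assumes that * matches any run of characters, including /, and that the web server supplies the path info; the function names and sample requests are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, urlunsplit

PROP = "com.sun.identity.agents.config.ignore.path.info.for.not.enforced.list"

def wildcard_match(pattern, url):
    # Assumption: "*" matches any run of characters, including "/".
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, url) is not None

def strip_path_info(url, path_info):
    # Drop the query string and the trailing path info. path_info is the
    # extra path the web server reports after the resource it actually serves.
    parts = urlsplit(url)
    path = parts.path
    if path_info and path.endswith(path_info):
        path = path[: -len(path_info)]
    return urlunsplit((parts.scheme, parts.netloc, path, "", ""))

def is_not_enforced(url, path_info, not_enforced, ignore_path_info):
    for pattern in not_enforced:
        candidate = url
        # Stripping applies only to entries that contain a wildcard.
        if ignore_path_info and "*" in pattern:
            candidate = strip_path_info(url, path_info)
        if wildcard_match(pattern, candidate):
            return True
    return False

NOT_ENFORCED = ["http://host/*.gif"]
# Constructed requests: (request URL, path info reported by the web server)
REQUESTS = [
    ("http://host/images/logo.gif", ""),
    ("http://host/index.html", ""),
    ("http://host/index.html/hack.gif", "/hack.gif"),
]

def audit():
    # One row per request: (url, skipped when false, skipped when true)
    return [(url,
             is_not_enforced(url, pi, NOT_ENFORCED, False),
             is_not_enforced(url, pi, NOT_ENFORCED, True))
            for url, pi in REQUESTS]

if __name__ == "__main__":
    for url, when_false, when_true in audit():
        print(f"{url}: not enforced with {PROP}=false: {when_false}, =true: {when_true}")
```

Only the third request changes: with the property set to false it matches http://host/*.gif and skips enforcement, and with true it is compared as http://host/index.html and is enforced.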

Procedure: To Ignore the Path for Not Enforced URLs

  1. Log in to the OpenSSO Console as amadmin.

  2. Click Access Control, realm-name, Agents, and then the profile name for the IIS 6.0 agent.

  3. Click Advanced.

  4. Scroll down to Custom Properties and add the following property:

    com.sun.identity.agents.config.ignore.path.info.for.not.enforced.list=true

  5. Click Save.