Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

SCE2020 url normalization works not as expected

We noticed that URL normalization on SCE2020 3.7.2 doesn't cover specific scenario.

When you enter blacklisted URL in a browser that's allready percent encoded - SCE treats it as some sort of "case-sensitive percent encoding".

Suppose we want to blacklist following url, and add it to url-database

http://black.bk/%D0%BF

So sce will block it.

But it will not block http://black.bk/%D0%bf   

That happen only to percent encoded URLs.

If you blacklist ASCII URLs normalization works as expected. And you can mix upper-lower case letter in URL - it still blocked.

Anyone managed to find workaround or bug-id?

Everyone's tags (4)
805
Views
0
Helpful
0
Replies
CreatePlease to create content