CA API Management: The Gateway is unable to handle request URIs that contain an encoded backslash or forward slash

Document ID : KB000004104
Last Modified Date : 14/02/2018
Show Technical Document Details
Issue:

The API Management Gateway is designed to handle URL-encoded characters to ensure safe processing and uniform handling of request messages and URL query strings.

As such, the Gateway will not treat an encoded character as part of the structure of a request URL. For example, a standard URL may contain the following URI:

/path/to/service 

In a normal environment, that is a valid URI that specifies a resource identifying structure. If you were to URL-encode the URI then you would see the following:

%2Fpath%2Fto%2Fservice.

Similarly, if an attempt is made to use a backslash character ("\") within a URI it will result in an error. Though a legal character it is defined as being unsafe and should also be URL encoded. For example:

 

server\user

would become

server%5Cuser

The Gateway will not be able to handle this behavior gracefully in its default configuration. The request will be terminated before service resolution occurs.

 

Resolution:

The Gateway can be configured to work around this behavior by re-configuring the web server used by the Gateway to accept inbound requests. To configure the Gateway as such, do the following:

  1. Log into the Gateway appliance as the ssgconfig user
  2. Select Option #3: Use a privileged shell (root).
  3. Open the following file for editing: /opt/SecureSpan/Gateway/node/default/etc/conf/system.properties
  4. To allow for an encoded forward slash, append the following line to the document: org.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH=true
  5. To allow for an encoded backslash, append the following line to the document:org.apache.catalina.connector.CoyoteAdapter.ALLOW_BACKSLASH=true
  6. Restart the Gateway service as follows: service ssg restart

Once the Gateway service is reinitialized, subsequent requests using URIs with encoded forward / back slashes should be properly resolved and handled by the Gateway application.