What is the difference between BadURLChars and BadCSSChars?

Document ID : KB000050761
Last Modified Date : 14/02/2018
Show Technical Document Details

The clearest way to explain the difference is evolved security with flexibility. We introduced BadURLChars and BadQueryChars first, then added BadCSSChars which blocks things in more detail (multi-level ASCII decode, meaning we check for encoded equivalents of BadCSSChars but we do not do that with BadURLChars). As always we add a new setting rather than changing the behavior of an existing setting to avoid disrupting existing installations. This also enables you to use 2 different error pages if you wish (ServerErrorFile vs. CSSErrorFile). You can read more on that in the webagent configuration guide, section titled "Custom Error Handling For Applications".