Illegal characters

  • Article

Sometimes, when publishing a web application that is not one of the standard templates, you might run into an “access denied“ error. If you look for it in the UAG Web monitor, it might look like this:

“A request for application <ID> of type <type> on trunk <trunk> Secure=1 failed because of a predefined rule for the application. The reason for the failure: illegal character – (<char>). The URL is <URL>. The method is <method>. The source IP address is <IP>. The user is <User>.

clip_image002

Don’t worry…the police won’t be coming after you for using illegal characters, but a minor configuration tweak of your server is in order. The above example is from the SAP application, with which we run into this sort of thing often. The cause of this error is the fact that some applications create URLs with characters that UAG was designed to block by default (for security purposes). When you publish a generic web application with UAG, the template creates a URL inspection rule, which allows some characters, and blocks all others. By default, the inspection rule for web application allows all alphanumeric characters, numbers, and also the characters :@&=$+_-!’,;~{}. This means that if the application’s URL contain the characters #%/\:*?<>|.()[]”, that URL will be blocked. Depending on the applications’ design, some apps need to be allowed one or more of the additional characters.

If you run into this situation, it’s pretty simple to resolve. The error message tells you exactly which character you need to add to the inspection rule. The steps required are:

1. Go to the UAG’s advanced trunk configuration, and go to the URL Inspection tab.

2. In the URL inspection tab, look at the Global URL Character Rules, at the bottom of the page, and find the one that pertains to the application that is having the problem. Double-click to open it for editing.

3. In the Legal Character field, add the relevant character, and then click OK

4. Activate the configuration.

clip_image004

Note that the error message would only refer to a single character, but you might find, after making the change, that you get a similar error. If so, look closely – you will probably discover it’s another character (for example, the above error was for the open-brackets symbol, but you would probably need to add the close-brackets too). Depending on the app, you might have to go through several iterations until you “find” all the characters you need to add.