Follow

Q&A: What are the default meta characters that are not allowed in a URL for a WAF policy?

Question

  • In relationship to "Illegal meta character in URL", what are the default meta characters that are not allowed in a URL for a WAF policy?

Environment

  • Silverline WAF
    • WAF policy/policies
    • Illegal Meta character in URL

Answer

  • These are the meta characters that are disallowed by default
  • Hex Char State
    0x0 NULL Disallow (cannot be set to allowed)
    0x1 SOH Disallow
    0x2 STX Disallow
    0x3 ETX Disallow
    0x4 EOT Disallow
    0x5 ENQ Disallow
    0x6 ACK Disallow
    0x7 BEL Disallow
    0x8 BS Disallow
    0x9 TAB Disallow
    0xa LF Disallow
    0xb VT Disallow
    0xc FF Disallow
    0xd CR Disallow
    0xe SO Disallow
    0xf SI Disallow
    0x10 DLE Disallow
    0x11 DC1 Disallow
    0x12 DC2 Disallow
    0x13 DC3 Disallow
    0x14 DC4 Disallow
    0x15 NAK Disallow
    0x16 SYN Disallow
    0x17 ETB Disallow
    0x18 CAN Disallow
    0x19 EB Disallow
    0x1a SUB Disallow
    0x1b ESC Disallow
    0x1c FS Disallow
    0x1d GS Disallow
    0x1e RS Disallow
    0x1f US Disallow
    0x20 Space Disallow
    0x21 ! Disallow
    0x22 " Disallow
    0x24 $ Disallow
    0x26 & Disallow
    0x27 ' Disallow
    0x2a * Disallow
    0x3a : Disallow
    0x3b ; Disallow
    0x3c < Disallow
    0x3d = Disallow
    0x3e > Disallow
    0x40 @ Disallow
    0x5b [ Disallow
    0x5c \ Disallow
    0x5d ] Disallow
    0x5e ^ Disallow
    0x60 ` Disallow
    0x7b { Disallow
    0x7c | Disallow
    0x7d } Disallow
    0x7e ~ Disallow
    0x7f DEL Disallow

 

Related Content

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request