Knowledgebase: False Positives
How can we turn off "Global URL Encoding"? Is it safe?
Posted by Alice Lankri (Import), Last modified by on 28 April 2011 09:12 PM
URL Encoding category can be found under "Advanced settings".

For your information - the URL encoding protection is triggered due to a reserved character being sent in the URL string without being URL-encoded. Usually, the browser would HEX-encode it. Thus this creates a non-RFC-compliant case in which the dotDefender URL Encoding checker blocks the request due to an abnormal URL.

It is safe to switch off the Global URL Encoding protection since it serves as early warning regarding suspicious mixtures of abnormal encoding schemes in the same URL. It is not actually meant to match a specific application attack, and you will still be protected by the full coverage of the other security mechanisms that pinpoint application attacks.
(59 vote(s))
This article was helpful
This article was not helpful

Comments (0)
Post a new comment
Full Name:
CAPTCHA Verification 
Please enter the text you see in the image into the textbox below. This is required to prevent automated registrations and form submissions.

Help Desk Software by Kayako