Configuring exempted URLs
When you configure schema location to forbid using location field to perform malicious requests, you can configure to exempt specific URLs from XML protection.
To create an exempted URLs list
- Go to XML Protection > Exempted URLs.
To access this part of the web UI, your administrator's account access profile must have Read and Write permission to items in the Web Protection Configuration category. For details, see Permissions. - Click Create New.
- For Name, enter a name for the exempted URL list. You will use the Name to select the list in XML protection rule.
- Click OK.
- Click Create New.
- Configure these settings:
- Simple String—The field is a string that the request URL must match exactly.
- Regular Expression—The field is a regular expression that defines a set of matching URLs.
-
Simple String—Enter a literal URL, such as
/folder1/index.htm
that the HTTP request must contain in order to match the rule, or use wildcards to match multiple URLs, such as/folder1/*
or/folder1/*/index.htm
. The URL must begin with a slash (/
). -
Regular Expression—A regular expression, such as
^/*.php
, matching the URLs to which the rule should apply. The pattern does not require a slash (/
), but it must match URLs that begin with a slash, such as/index.cfm
. - Click OK.
Select whether the URL field must contain either: |
|
Depending on your selection in URL type, enter either: To test a regular expression, click the >> (test) icon. This icon opens the Regular Expression Validator window from which you can fine-tune the expression. For details, see Regular expression syntax and Cookbook regular expressions. |