Section – Miscellaneous

UI

Description

Default request character set

Sets the defined charset that is used for HTTP requests without a content-type header from the client. Note that for content-type headers, Airlock Gateway uses the information from the header to decode the request.

Choice:

  • UTF-8 (Fallback: Windows-1252)
  • UTF-8
  • ISO-8859-15
  • Windows-1251
  • Windows-1252

Enforce UTF-8 for request path 1

If enabled, UTF-8 is being enforced for the HTTP request path.

Note:

  • Path segment parameters are also restricted by this setting.
  • Path segments may also be restricted by this setting if this mapping is configured to treat path segments as parameters.

  • See also: Section – Basic Call Verification

Enforce UTF-8 for request headers 1

If enabled, UTF-8 is being enforced for the HTTP request headers.

Enforce UTF-8 for request parameters 1

If enabled, UTF-8 is being enforced for the HTTP request parameters.

WebSocket handling

Enables support for WebSockets protocol as defined in RFC 6455.

 
Notice
  • The traffic that is using the WebSocket protocol can not be filtered or validated in any way at the moment. Nonetheless, session handling, authentication and other basic checks like DoS attack prevention are applied as with normal HTTP traffic.
  • Due to the persistent one-to-one binding of client and back-end connections, the memory usage may be increased substantially.
  • Make sure the “Translate Origin header” is enabled for this feature to work properly.

Deliver error page by redirect

Specifies whether error and maintenance pages are delivered in place or if an HTTP redirect pointing to them is sent to the client.

1

With UTF-8 enforcing enabled, Airlock Gateway will block Overlong UTF-8.

Blocked request character sets

Parameter values that are sent in HTTP requests from the client are encoded in a defined charset. Many attacks are based on injecting special characters in a different encoding or charset to the application server.

In rare cases, other charsets than those defined under Default request character set are used in a request, but should not be blocked by Airlock Gateway.

To allow other charsets, you can add the following line to the expert settings (Submenu – Security Gate / Apache):

 
Example
parameterNormalization.blockUnsupportedCharset "FALSE"
  • TRUE (default) – Airlock Gateway blocks any requests with unsupported values in the content-type header.
  • FALSEAirlock Gateway treats the request in the same way as if no content-type header was set.