Forum Discussion

David_Orban_240's avatar
David_Orban_240
Icon for Nimbostratus rankNimbostratus
Dec 20, 2010

Meta-character check on allowed wildcard URLs should not apply to explicitly set characters

Hello,

 

 

Assume that I want to allow access to the following URLs:

 

 

/*/*.jsp with * being all characters except /

 

 

i.e. I want to allow /foo/one.jsp or /bar/two.jsp, but not /foo/bar/three.jsp

 

 

I would create an allowed wildcard URL of /*/*.jsp and I would disallow the / meta-character. Unfortunately, this does not work, because the meta-character check also applies to the / characters that have been explicitely defined. IMO, the check should only apply to the characters matched by *. (this is why there is no meta-character check for explicit URLs, right?)

 

 

1) Don't you think this behavior is wrong?

 

2) How would you work around this?

 

 

Regards,

 

 

David.
No RepliesBe the first to reply