Support for URLs as not case-sensitive

By default, Security Verify Access treats URLs as case-sensitive when performing checks on access controls. The -i junction option is used to specify that WebSEAL treat URLs as not case-sensitive when performing authorization checks on a request to a junctioned back-end server.

The -i option is also supported on virtual host junctions.

When we set this option on the junction, WebSEAL does not distinguish between uppercase and lowercase characters when parsing URLs. By default, Web servers are expected to be case-sensitive.

Although most HTTP servers support the HTTP specification that defines URLs as case-sensitive, some HTTP servers treat URLs as not case-sensitive. For example, on not case-sensitive servers, the following two URLS:

are viewed as the same URL. This behavior requires an administrator to place the same access controls (ACLs) on both URLs.

By junctioning a third-party server with the -i option, WebSEAL treats the URLs directed to that server as not case-sensitive.

To correctly authorize requests for junctions that are not case sensitive, WebSEAL does the authorization check on a lowercase version of the URL. For example, a Web server running on Windows treats requests for INDEX.HTM and index.htm as requests for the same file.

Junctions to such a Web server should be created with the -i [or -w ] flags. ACLs or POPs that are attached to objects beneath the junction point should use the lower case object name. An ACL attached to /junction/index.htm will apply to all of the following requests if the -i or -w flags are used: /junction/INDEX.HTM
/junction/index.htm
/junction/InDeX.HtM

This option is valid for all junctions except for the type of local. Local junctions are not case-sensitive only on Win32 platforms; all other platforms are case-sensitive. Attention: When using the -i option, object names must be lower case in order for WebSEAL to be able to find any ACLs or POPs attached to those objects. For information, see ACLs and POPs must attach to lower-case object names.

Parent topic: Advanced junction configuration

Related concepts

Related tasks