When I insert a backslash ("\") in the resource url, it returns an error message that leaves room for an 'intruder' to figure out which gateway I'm using.
generated error:
{"fault": {"faultstring": "Invalid path GET // HTTP / 1.1", "detail": {"error code": "protocol.http.InvalidPath"}}}
By searching for: "errorcode": "protocol.http.InvalidPath", it is possible to identify that ApiGee is being used as API management platform.
How can I handle this backslash?
Thanks.
I think Apigee is correctly handling that path. It is invalid.
The backslash character should not be present. If you need to pass something like that, the client should URI-encode the character before sending it in a request.
I hope this helps. I'm sorry I don't fully understand the details of your question, as I do not speak Portuguese.
Sorry, I thought I translated the question. I've corrected it, I think I'll understand it better now.
The apigee handling leaves a security hole that allows the 'intruder' to identify the gateway I am using. I cannot change the error message as it occurs before accessing the proxy API.
How can I do this treatment?
User | Count |
---|---|
1 | |
1 | |
1 | |
1 | |
1 |