Allow enabling of Encoded Slashes directly on UTM Interface
The UTM should have a function in the Web Server Protection that allows the administrator to configure whether or not encoded slashes are allowed for the servers.
This is especially important for specific SAP-relevant functions, such as Fiori systems.
At the moment it's possible to manually configure this setting but it's reset everytime a change to a server is made.
I believe that it would be best to either:
- not overwrite the that point in the config, if enabled
- or straight up allow this configuration in the panel.
Is this problem resolved by Sophos?
Jan van Zeggelaar commented
Nice? Mandatory! If this isn't fixed soon, I may have to abandon Sophos.
S. Mark commented
I second this! The relevant apache parameters are
"ProxyPass ... nocanon"
With both set encoded slashes will not be decoded and not reencoded.
A checkbox to enable this behavior in the "Advanced" section of a virtual webserver would be nice.