Make Web Application Firewall Site Path Routing case insensitive.
Site Path Routing should have an option to treat the path in a case neutral manner.
I am missing this feature.
Insane. Want to bypass reverse auth requirement on a "protected" path? Use upper or camel case in your browser and you are in. At least make it regex capable (e.g. [Pp][Aa][Tt][Hh])
any updates on this issue?
Do this quick. Else I have 2^(number of letters) permutations to create rules for. This is insane.
How has this not been added as a feature yet? What's the point of access control to a URL within a site if they can easily bypass it by changing the case because the site path no longer applies to it?
Hugh Kelley commented
The easiest way to accomplish this might be to load Apache's mod_speling module and enable the CheckCaseOnly directive.
"When set, this directive limits the action of the spelling correction to lower/upper case changes. Other potential corrections are not performed.
Bob Alfson commented