We regularly see attacks on a public interface protected by SiteMinder (or CA Single Sign On if you prefer). Quite a few of these attacks have a specific pattern to them in how they construct the request URL, i.e. passing OAuth parameters in the GET query list. Is there an easy, and performant, way to block specific URL patterns using SiteMinder?
I'm thinking of something on the agent config side rather than evaluating policies, as the former would likely be more performant. Maybe the CSS checking config is the place for it.
Are there any other options? It would be nice if the request could also be "black-holed" so the agent/web server doesn't even spend time sending a response back to the client. Obviously traffic managers can do this type of thing but I was wondering if it's something SiteMinder could/should be involved in.