I have requirement and looking for appropriate solution.
Requirement : Allow request having special character (|[%7C]) in query string e.g. http://<<hostname>>//category/results?Ns=sortPrice_AEO_INTL%7C1
Analysis : "Protect Against Code Injection Assertion" which provides basic threat protection against attacks on web applications by blocking malicious code injection.
I am thinking to use "Encode/Decode Data" assertion before "Protect Against Code Injection Assertion" . But don't know impact with respect to threat protection.
Is there any way to configure special character which will be acceptable by "Protect Against Code Injection Assertion"?
Note :- Gateway version : 9.2
Here is the my existing threat protection configuration: