Barracuda WAF-as-a-Service normalizes all traffic before applying any security policy string matches. For HTTP data, this requires decoding Unicode, UTF, or Hex to base text, to prevent disguised attacks using encoding formats for which string matches are not effective.
The default setting for URL Normalization provides protection for systems using standard character sets without encoding. [The Default Character set parameter specifies the character set encoding type for incoming requests. UTF-8 is the default.]
In some cases, multiple character set encodings are needed. For example, a Japanese language site might need both Shift-JIS and EUC-JP encoding. To add character set encodings, set the Detect Response Charset parameter to On. All response headers will be searched for a META tag specifying the character set encoding type, and any supported types will be added dynamically.
Double encoding is the re-encoding of already encoded data. For example, the UTF-8 escape for the backslash character is %5C, which is a combination of three characters (%, 5, and C). Double encoding is the re-encoding of either one or all three of these characters by using their corresponding UTF-8 escapes: %25, %35, and %63.
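The double-encoding case above, as an added Python example (not Barracuda's code): it percent-decodes a value until it stops changing and compares that with a single decode pass, which is what a string match would see without full normalization. The function names, the pass cap and the sample values are assumptions constructed for illustration.

```python
from urllib.parse import unquote_to_bytes

def normalize(raw, charset="utf-8", max_passes=5):
    """Percent-decode `raw` until it stops changing.

    Returns (text, passes). passes is the number of decode rounds that
    changed the value: 0 = not encoded, 1 = encoded once, 2+ = re-encoded.
    charset defaults to UTF-8, the default character set named above.
    max_passes is an assumed cap; hitting it means the value never settled.
    """
    data = raw.encode("ascii")            # request lines are ASCII on the wire
    passes = 0
    while passes < max_passes:
        decoded = unquote_to_bytes(data)  # malformed escapes are left as-is
        if decoded == data:               # stable: nothing left to decode
            break
        data = decoded
        passes += 1
    return data.decode(charset, errors="replace"), passes

def single_pass(raw):
    """What a filter sees if it decodes exactly once before matching."""
    return unquote_to_bytes(raw.encode("ascii")).decode("utf-8", "replace")

# Constructed samples: the backslash escape from the text and its re-encodings.
SAMPLES = [
    "%5C",        # single encoding
    "%255C",      # '%' re-encoded as %25
    "%%35C",      # '5' re-encoded as %35
    "%5%63",      # last character re-encoded as %63 (decodes to 'c';
                  # hex digits in an escape are case-insensitive)
    "%25%35%63",  # all three characters re-encoded
]

def report(samples=SAMPLES):
    """Return (raw, after one decode, after full normalization, passes)."""
    rows = []
    for s in samples:
        text, passes = normalize(s)
        rows.append((s, single_pass(s), text, passes))
    return rows

if __name__ == "__main__":
    for raw, once, full, passes in report():
        hit_once = "\\" in once   # string match after one decode
        hit_full = "\\" in full   # string match after full normalization
        print(f"{raw:<10} once={once!r:<8} full={full!r:<6} "
              f"passes={passes} match_once={hit_once} match_full={hit_full}")
```

A pass count of 2 or more is itself a useful signal to log, since legitimate clients rarely encode a value more than once.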
If you must change the encoding type, refer to the following list of character set decoding types.
English only: ASCII (7-bit), ISO-8859-1 (8-bit)
Unicode: UTF-8
Chinese: GBK, GB2312, HZ, BIG-FIVE, EUC-TW, ISO-2022-CN
Japanese: Shift-JIS, EUC-JP, ISO-2022-JP
Korean: EUC-KR, JOHAB, ISO-2022-KR