Why Are You Seeing This Page?

In order to help prevent unauthorized access to server resources, as well as to protect your data, certain URL strings are disallowed on the Marshall University Web Server. Your URL includes a character, or series of characters that are included in the disallowed URL filters.

What Are The Disallowed Characters?

The following characters, words or phrases are not permitted as part of a URL:

• . - periods or "dots" are not allowed as part of directory or file names (file.name.html) to prevent directory traversal.
• ./ - trailing periods in directory names are not permitted.
• \ - backslash characters are not allowed in URL strings
• : - the colon character is not allowed to prevent alternate stream access.
• % - The percentage symbol is not allowed to prevent escaping after URL normalization.
• ;& - the combination of semi-colon and ampersand is not permitted to eliminate multiple CGI processing in a single request.
• %3b - This string represents a URL encoded semicolon, and is disallowed to prevent unauthorized attempts to insert/change/read data.
• Additionally, the following words are not allowed as unique parameters of a URL string (they would not be allowed, for example, as action variables in a URL string) to protect database integrity: alter, begin, cast, convert, create, cursor, declare, drop, end, exec, fetch, insert, kill, open, select, sys, table, update

 

If you have additional questions, or if you feel that your application/server directory requires an exception to these URL rules, please contact cositc@marshall.edu.