In the context of a reverse-proxy, it may not be possible to know what types of files are exposed in the backends and their level of security.
This function lists only those extensions that will be available through the reverse-proxy, even if the backend authorizes them.
This check is performed via the URLs requested by browsers.If an extension is not in the list, the reverse-proxy will return a 444 error code
This feature is available on Artica v4.50 Service Pack 1 or Artica v4.50 Hotfix 20250108-18
- The engine will detect both uri like
http://website/toto.saveandhttp://website/toto.save?t=6549879
- Select the website rule and find the “Allowed Extensions”
by default, the option is inactive, i.e. the reverse-proxy performs no verification and what is provided by the backend is transmitted to browsers.
- The Allowed extensions edit window lets you view a default list of the file extensions most often used by websites.
You can deactivate or delete them to further restrict access. - Click on the Disabled button in order to enable the feature.
- Click on the “Apply” button to make your list in production mode.
