Exempt Unsafe Characters
Some characters are unsafe for use in the URL address of your website as they open up many back doors for different exploits. However some websites continue to use unsafe characters in their URL addresses without encoding them and requests that contain them will be treated by AbyssGuard as hack attempts. On your Exempts page you can specify any unsafe characters you have in your website URLs. Add them one at a time! This is example list of the most commonly used and dangerous characters that are still found in many website URLs.
' Used for MySQL injections." Used for MySQL injections.
` Used for MySQL injections.
< Used for XSS and executing of malicious scripts.
> Used for XSS and executing of malicious scripts.
[ Used in various exploit methods.
] Used in various exploit methods.
++ Double empty space is often used for MySQL injections and also in attempts to fool you with the requested URL address adding additional parameters where you can't see them at the end of the request.
The Exempts don't work like the Whitelist! They will ignore only given actions and will not exempt the visitors from the rest of the checks.
Exempt User-Agent From Invalid Headers Check
A legitimate traffic may also come from out of date Robots or browsers, in this case adding the User-Agent in the Whitelist may cause you problems as you allow a given User-Agnet to do everything. In this case you can use this part of the Exempts to add the specific User-Agent excluding it from the invalid Headers check only.