Enforce URL allowlist check [Updated in Security Center 1.3 and 1.5]
Use the glide.security.url.whitelist property to add an extra layer of validation that checks whether any externally supplied redirect URL is on the list of approved (allowlisted) URLs.
Open redirection occurs when a vulnerable web page redirects the user to an untrusted, malicious page that may compromise the user. Open redirection is usually paired with a phishing attack, because the modified link still appears to point at the legitimate site, which increases the likelihood that the phishing attempt succeeds.
This property is applicable in the following cases:
- /logout.do?sysparm_goto_url={External URL}
- /cms_login_redirect.do?sysparm_goto_url={External URL}

Users are directed to an external trusted site after they log out of the instance:
- /logout_redirect.do?sysparm_url={External URL}
- /saml_redirector.do?sysparm_uri={External URL}

When SAML is enabled, it invokes an identity provider (IDP) logout URL.
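The check the property describes, as an added illustration in plain Node.js JavaScript: it is not ServiceNow's implementation of glide.security.url.whitelist and not a ServiceNow server script. The property value format (comma-separated FQDNs or URLs), the host names, and the function names `parseAllowlist` and `safeRedirectTarget` are assumptions of this example. It shows why matching on the parsed host name, rather than on a string prefix, matters: user-info tricks, look-alike subdomains, scheme-relative paths and non-HTTP schemes all fail the check, while instance-relative paths and approved hosts pass.

```javascript
// Added example, not ServiceNow code. Validates a redirect target such as the
// sysparm_goto_url / sysparm_url / sysparm_uri parameters against an allowlist
// of approved hosts, the way the property on this page is meant to be used.

// Constructed property value; the comma-separated format is an assumption.
const ALLOWLIST_PROPERTY =
  'https://www.servicenow.com, https://sso.example.com, partner.example.org';

// Turn the property value into a Set of lowercase host names.
// Entries may be bare FQDNs or full URLs; only the host part is kept.
function parseAllowlist(propertyValue) {
  const hosts = new Set();
  for (const entry of propertyValue.split(',')) {
    const trimmed = entry.trim();
    if (!trimmed) continue;
    const hasScheme = /^[a-z][a-z0-9+.-]*:\/\//i.test(trimmed);
    const url = new URL(hasScheme ? trimmed : 'https://' + trimmed);
    hosts.add(url.hostname.toLowerCase());
  }
  return hosts;
}

// Returns the normalised URL to redirect to, or null if the target is not
// allowed (the caller should then fall back to a fixed in-instance page).
function safeRedirectTarget(rawTarget, allowedHosts) {
  if (typeof rawTarget !== 'string' || rawTarget.length === 0) return null;
  const target = rawTarget.trim();

  // Instance-relative paths ("/logout.do") stay on the instance and are fine.
  // "//host" and "/\host" are scheme-relative and would leave the instance,
  // so they are rejected rather than treated as paths.
  if (target.startsWith('/') && !/^\/[\\/]/.test(target)) return target;

  // Everything else must parse as an absolute URL; relative or malformed
  // strings throw here and are rejected.
  let parsed;
  try {
    parsed = new URL(target);
  } catch (e) {
    return null;
  }

  // Only web schemes are acceptable redirect targets.
  if (parsed.protocol !== 'https:' && parsed.protocol !== 'http:') return null;

  // "https://www.servicenow.com@other.example/" parses the allowed name as
  // user info and the real host as other.example; reject any user info.
  if (parsed.username || parsed.password) return null;

  // Exact host-name match against the allowlist. Note that hostname excludes
  // the port; add a port check if your allowlist needs to pin ports too.
  return allowedHosts.has(parsed.hostname.toLowerCase()) ? parsed.href : null;
}

// Stand-alone run: print each decision for a few constructed inputs.
const allowed = parseAllowlist(ALLOWLIST_PROPERTY);
for (const candidate of [
  '/logout.do',
  'https://www.servicenow.com/docs',
  'HTTPS://WWW.SERVICENOW.COM/',
  'https://www.servicenow.com.other.example/',
  'https://www.servicenow.com@other.example/',
  '//other.example/',
  'ftp://www.servicenow.com/',
]) {
  console.log(JSON.stringify(candidate), '->', safeRedirectTarget(candidate, allowed));
}
```

The fallback on a null result should be a fixed page on the instance, not the raw parameter; logging rejected targets also gives a cheap detection signal for redirect-based phishing attempts against the logout flow.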
More information
| Attribute | Description |
|---|---|
| Property name | glide.security.url.whitelist |
| Configuration type | System Properties (/sys_properties_list.do) |
| Category | Validation, sanitization, and encoding |
| Purpose | To implement safe URL redirects during login, logout, or other redirects. This property mitigates one of the OWASP Top 10 attacks, Unvalidated Redirects and Forwards. |
| Type | String |
| Default value | true |
| Recommended value | true |
| Value | Your organization's approved URLs, given as defined FQDNs (Fully Qualified Domain Names), for example http://www.servicenow.com |
| Security risk rating | 8.3 |
| Functional impact | This remediation enforces validation on the logout page. It might have a functional impact on users of an instance with an SSO/SAML configuration. |
| Security risk | (High) Client-side open redirection can enable an attacker to redirect victims/users to an attacker-controlled website and is viewed as a security risk. |
| References | |
To learn more about adding or creating a system property, see Add a system property.