URL allow list for logout redirects (instance security hardening)
Use the glide.security.url.whitelist property to add an extra layer of validation that ensures any external URL supplied to a redirect is one of the allow-listed URLs.
Open redirection occurs when a vulnerable web page redirects the user to an untrusted, malicious page that may compromise the user. Open redirection is commonly combined with phishing: because the modified link still points at the legitimate site, it looks identical to a genuine link, which increases the likelihood that the phishing attempt succeeds.
This property is applicable in the following cases:

- /logout.do?sysparm_goto_url={External URL} and /cms_login_redirect.do?sysparm_goto_url={External URL}: users are directed to an external trusted site after they log out of the instance.
- /logout_redirect.do?sysparm_url={External URL} and /saml_redirector.do?sysparm_uri={External URL}: when SAML is enabled, the instance invokes an identity provider (IdP) logout URL.
More information
| Attribute | Description |
|---|---|
| Property name | glide.security.url.whitelist |
| Configuration type | System Properties (/sys_properties_list.do) |
| Configure in Instance Security Center | Yes |
| Purpose | To implement safe URL redirects during login, logout, or other redirects. This property mitigates one of the OWASP Top 10 risks, Unvalidated Redirects and Forwards. |
| Type | Comma- and space-separated string, for example: https://example.com, https://wiki.example.com. |
| Value | Your organization's approved URLs, each a defined FQDN (fully qualified domain name), for example http://www.servicenow.com. |
| Functional impact | This remediation enforces validation on the logout page. It might have a functional impact on users of an instance with an SSO/SAML configuration. |
| Security risk | (High) Client-side open redirection can enable an attacker to redirect victims to an attacker-controlled website and is viewed as a security risk. |
| References | |
To learn more about adding or creating a system property, see Add a system property.
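The following is an added example, not ServiceNow's own implementation, of how a logout redirect target such as the value of sysparm_goto_url can be checked against an allow list in the same comma- and space-separated format as glide.security.url.whitelist. It assumes matching by exact origin (scheme, host and port), which is this example's choice and not necessarily the platform's rule, and it runs on Node.js using the built-in URL class.

```javascript
// Added example (not ServiceNow code): validate a redirect target against an
// allow list written like glide.security.url.whitelist, e.g.
// "https://example.com, https://wiki.example.com".
// Assumption: an entry matches only on exact origin (scheme + host + port).

// Parse the property value: entries are separated by commas and/or whitespace.
function parseAllowList(propertyValue) {
  const origins = new Set();
  for (const entry of propertyValue.split(/[\s,]+/)) {
    if (!entry) continue;
    try {
      // URL normalises case and drops default ports, so "HTTPS://Example.com:443"
      // and "https://example.com" end up as the same origin.
      origins.add(new URL(entry).origin);
    } catch (e) {
      // A malformed entry is ignored rather than widening the allow list.
    }
  }
  return origins;
}

// Decide whether a redirect may be followed. Returns true only for a path on
// the same instance or an absolute http(s) URL whose origin is allow-listed.
function isSafeRedirect(target, allowedOrigins) {
  if (typeof target !== 'string' || target.trim() === '') return false;
  const t = target.trim();
  // A local path has exactly one leading slash. "//host/x" is scheme-relative
  // and leaves the instance; browsers treat "/\host" the same way.
  if (t.startsWith('/') && !/^\/[\/\\]/.test(t)) return true;
  let parsed;
  try {
    parsed = new URL(t); // throws for relative or unparsable input
  } catch (e) {
    return false;
  }
  if (parsed.protocol !== 'https:' && parsed.protocol !== 'http:') return false;
  // origin excludes userinfo, so "https://example.com@evil.example" resolves
  // to host evil.example and is rejected unless that origin is listed.
  return allowedOrigins.has(parsed.origin);
}

// Constructed sample property value for the usage below.
const ALLOW = parseAllowList('https://example.com, https://wiki.example.com');
```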