Collaborate with over 60,000 Qlik technologists and members around the world to get answers to your questions, and maximize success.Join Us
Several files that contain the Tilde character in their names can be found in %InstallDir%\Qlik\Sense\Client\chunks\. Some Web Application Firewall applications like CA Siteminder & Barracuda LB ADC complain about this. An example alert message:
"Tilde in URL Path The request URL /qs/webticket2/resources/chunks/vendors~unorm-amd.c9641a3a4d6c4a29e36e.js contained a tilde (~) character, and is disallowed by the Barracuda Load Balancer ADC. The tilde character usually depicts users' home directories, and allowing tildes can give access even to files owned by the super user of the server if the Web server process is running as the super user. No recommendations available for this attack"
This is how the product is designed in more recent versions. Specifically, it's how different chunks are identified when building the client.
In RFC 1738 (dated December 1994) the tilde character was considered unsafe since gateways and other transport agents sometimes could modify it. However, in RFC 2396 (dated August 1998) it was removed from the unsafe list “since it is extensively used on the Internet in spite of the difficulty to transcribe it with some keyboards”. Some articles are still recommending not to use tilde because it’s not easy to write with the keyboard, but that is not a problem here as we are only using it to reference to static files. So in short it should be considered as a safe character to use in URL's.
Our recommendation modify the default rule(s) of your Loadbalancer/Firewall etc. to allow the files whose names contain ~ .
Search Qlik's Support Knowledge database or request assisted support for highly complex issues.Submit a case
Experiencing a serious issue, please contact us by phone. View phone numbers and hours by region.