Workaround
Until Chrome and Firefox fix this vulnerability, the workaround for domains that contain Unicode characters is to block any request that arrives at the proxy and contains "xn--" in the GET request.
To block this GET request, create a new rule under a Web Access Layer where the destination is configured as Destination Host/Port, using Host containing xn--
CPL code to apply the previous rule:
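<Proxy>
    ; Deny any request that matches the condition defined below
    condition=UnicodeBlocking DENY

; Matches when the requested host name contains the Punycode prefix "xn--"
define condition UnicodeBlocking
    url.host.substring=xn--
end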
Important Notes:
- This is a temporary workaround until this vulnerability is fixed in Chrome and Firefox.
- This workaround blocks trusted and untrusted sites alike: any host name containing "xn--" is denied.
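
To gauge that impact before enabling the rule, the following added example (not part of the original article or of any vendor tooling) applies the same substring test to a list of host names and decodes each xn-- label to its Unicode form. The host names are constructed samples, the function names are hypothetical, and case-insensitive matching is an assumption.

```python
ACE_PREFIX = "xn--"

# Constructed sample host names, e.g. as extracted from proxy access logs.
SAMPLE_HOSTS = [
    "www.example.com",
    "xn--mnchen-3ya.example",      # legitimate IDN label
    "shop.xn--bcher-kva.example",  # IDN label below a subdomain
    "fooxn--bar.example",          # "xn--" inside a label, not an IDN label
]

def rule_matches(host):
    """Mirror url.host.substring=xn-- as a plain substring test on the host.
    Assumption: the comparison is case-insensitive."""
    return ACE_PREFIX in host.lower()

def decode_host(host):
    """Decode every label that starts with xn-- to Unicode.
    Labels that are not valid Punycode are left unchanged."""
    labels = []
    for label in host.lower().split("."):
        if label.startswith(ACE_PREFIX):
            try:
                raw = label[len(ACE_PREFIX):].encode("ascii")
                label = raw.decode("punycode")
            except ValueError:  # covers UnicodeError from either codec
                pass
        labels.append(label)
    return ".".join(labels)

def audit(hosts):
    """Return {host: decoded form} for every host the rule would deny."""
    return {h: decode_host(h) for h in hosts if rule_matches(h)}

if __name__ == "__main__":
    for host, decoded in audit(SAMPLE_HOSTS).items():
        print(f"DENY {host} -> {decoded}")
```

The last sample shows that a substring test also denies hosts where "xn--" appears in the middle of a label, which are not internationalized names at all.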