Forum Discussion

1 Reply

  • Path parameters are parameters that are attached to path segments in the URI. Path parameters can be ignored, or treated as parameters, or as an integral part of URLs.

    Although path parameters are not widely used, they could serve as covert back doors to potential attacks even for server applications that do not use path parameters. For example, an application could copy a URI with path parameters containing attack signatures to the body of the response.

    Path parameters can have multiple parameters in the same path segment separated by semicolons. A semicolon also separates the path segment from the parameters; for example, /path/name;param1;p2;p3. Each parameter can optionally equal a value; for example, param=value;p2. If a path parameter has more than one value, the values are separated by commas, such as param=val1,val2,val3.

    Path parameters are extracted from requests, but not from responses.

    As Parameter: Specifies that the system normalizes and enforces path parameters. For each path parameter, the system removes it from URLs as part of the normalization process, finds a corresponding parameter in the security policy (first at the matching URL level, and if not found, then at the Global level), and enforces it according to its attributes like any other parameter.

    As URL: Specifies that the system neither normalizes nor enforces path parameters. Path parameters are considered an integral part of the URL.

    Ignore: Specifies that the system removes path parameters from URLs as part of the normalization process, but does not enforce them.

    See the ASM Implementation Guide for details.
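
The syntax and the three handling modes described in the reply, as an added Python sketch (not part of the reply and not the product's code). The function names, the POLICY layout with "*" standing in for the Global level, and the use of a regex as the only parameter attribute are assumptions; the input is a URI path without a query string.

```python
import re

def split_path_params(path):
    """Separate path parameters from each segment of a URI path.

    Returns (normalized_path, [(name, [values]), ...]).
    """
    segments, params = [], []
    for seg in path.split("/"):
        name, *raw = seg.split(";")        # first ';' ends the segment name
        segments.append(name)
        for item in raw:
            if not item:                    # tolerate ";;" and a trailing ';'
                continue
            key, has_value, value = item.partition("=")
            params.append((key, value.split(",") if has_value else []))
    return "/".join(segments), params

# Constructed policy: URL -> {parameter name -> regex every value must match}.
# "*" stands in for the Global level (assumption for this sketch).
POLICY = {
    "/shop/item": {"id": r"\d+"},
    "*": {"sort": r"asc|desc"},
}

def handle(path, mode, policy=POLICY):
    """Return (URL used for policy matching, list of violations)."""
    if mode == "as_url":                    # parameters stay part of the URL
        return path, []
    url, params = split_path_params(path)
    if mode == "ignore":                    # stripped, but never checked
        return url, []
    if mode != "as_parameter":
        raise ValueError(f"unknown mode: {mode}")
    violations = []
    for key, values in params:
        # URL-level definition first, then the global one.
        rule = policy.get(url, {}).get(key) or policy.get("*", {}).get(key)
        if rule is None:
            violations.append(f"{key}: not defined in policy")
            continue
        violations += [f"{key}: illegal value {v!r}" for v in values
                       if not re.fullmatch(rule, v)]
    return url, violations
```

Only the as_parameter mode inspects what the path parameters carry; with ignore the same content is dropped from the URL unchecked, and with as_url it becomes part of the URL that the policy has to match.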