We noticed that URL normalization on SCE2020 3.7.2 doesn't cover specific scenario.
When you enter blacklisted URL in a browser that's allready percent encoded - SCE treats it as some sort of "case-sensitive percent encoding".
Suppose we want to blacklist following url, and add it to url-database
http://black.bk/%D0%BF
So sce will block it.
But it will not block http://black.bk/%D0%bf
That happen only to percent encoded URLs.
If you blacklist ASCII URLs normalization works as expected. And you can mix upper-lower case letter in URL - it still blocked.
Anyone managed to find workaround or bug-id?