3. To create a custom page, select Custom Intrusion Prevention Page and modify the sample HTML in the text box.
4. To view the resulting page, click Preview.
5. To reset the current customized error page to the default error page, click Default Blocked Page and then click OK in the confirmation dialog box.
6. If you do not want to use a customized error page, select one of the following for the error page:
   • HTTP Error Code 400 Bad Request
   • HTTP Error Code 403 Forbidden
   • HTTP Error Code 404 Not Found
   • HTTP Error Code 500 Internal Server Error
7. When finished, click Accept.
Configuring Cross-Site Request Forgery Protection Settings
Cross-Site Request Forgery (CSRF) protection is configured independently for each Application Offloading portal. New with
this release is the Form-based Protection Method, which provides a seamless solution and results in fewer false
positives. Optionally, you can select the original Protection Method, URL Rewrite-based Protection Method.
When a CSRF attack is detected, log entries are created in both the Web Application Firewall > Logs and Logs
> View pages. For more information about CSRF/XSRF attacks, see
on page 68.
To configure the settings for CSRF protection with the URL Rewrite-based Protection Method:
1. Expand the Cross-Site Request Forgery (CSRF/XSRF) Protection section.
2. In the Portals drop-down list, select the Portal to which these CSRF protection settings apply. To make these CSRF settings the default for all portals, select Global.
3. Select URL Rewrite-based Protection from the Protection Method drop-down list.
4. For Protection Mode, select the desired level of protection against CSRF attacks. You can select Detect Only to log these attacks, or Prevent to log and block them. Select Disabled to disable CSRF protection on the portal.
5. When finished, click Accept.
To configure the settings for CSRF protection with the Form-based Protection Method:
1. Expand the Cross-Site Request Forgery (CSRF/XSRF) Protection section.
2. In the Portals drop-down list, select the Portal to which these CSRF protection settings apply. To make these CSRF settings the default for all portals, select Global.
3. Select Form-based Protection from the Protection Method drop-down list.
How is Cross-Site Request Forgery Prevented?
Dell SonicWALL Secure Mobile Access 8.5
Administration Guide
282