Table of Contents
Advertisement
4
For Content Types, select the types of content you want to be profiled by CSRF. You can select All,
HTML/XML, JavaScript, or CSS.
5
Click Begin Profiling to start the CSRF Form-based Protection. If you wish to stop profiling, click End
Profiling.
6
When finished, click Accept.
NOTE:
If you are upgrading from a previous firmware version and switch the Protection Method to Form-
based Protection, the controls might appear grayed and disabled. Simply click Accept to activate the
controls.
Configuring Cookie Tampering Protection Settings
Cookie tampering protection is configured independently for each Application Offloading portal.
To configure the settings for cookie tampering protection:
1
Expand the Cookie Tampering Protection section.
2
In the Portals drop-down list, select the Application Offloading portal to which these cookie tampering
protection settings apply. To make these cookie tampering settings the default for all portals, select
Global.
3
For Tamper Protection Mode, select the desired level of protection against cookie tampering. You can
select Detect Only to log these attacks, or Prevent to log and block them. Select Disabled to disable
cookie tampering protection on the portal.
4
For Encrypt Server Cookies, select Name to encrypt cookie names, and/or select Value to encrypt
cookie values. This affects client-side script behavior because it makes cookie names or values
unreadable. Only server-side cookies are encrypted by these options.
5
For Cookie Attributes, select HttpOnly to append the HttpOnly attribute to server-side cookies,
and/or select Secure to append the Secure attribute to server-side cookies. The attribute HttpOnly
prevents the client-side scripts from accessing the cookies that are important in mitigating attacks such
as Cross Site Scripting and session hijacking. The attribute Secure ensures that the cookies are
Dell SonicWALL Secure Mobile Access 8.5
Administration Guide
283
Advertisement
Chapters
Table of Contents
Troubleshooting
