Dell SonicWall SRA 4200 Administrator's Manual page 69

Sra 6.0

This feature is found on the Web Application Firewall > Settings page. This page contains the following options:

Portals – A list of all application offloading portals. Each portal will have its own setting. The item Global is the default setting for all portals.

Tamper Protection Mode – Three modes are available:
  Prevent – Strip all the tampered cookies and log them.
  Detect only – Log the tampered cookies only.
  Inherit Global – Use the global setting for this portal.

Encrypt Server Cookies – Choose to encrypt name and value separately. This affects client-side script behavior because it makes cookie names or values unreadable. Only server-side cookies are encrypted by these options.

Cookie Attributes – The attributes HttpOnly and Secure are appended to server-side cookies if they are enabled. The attribute HttpOnly prevents the client-side scripts from accessing the cookies, which is important in mitigating attacks such as Cross Site Scripting and session hijacking. The attribute Secure ensures that the cookies are transported only in HTTPS connections. Both together add a strong layer of security for the server-side cookies.

Note: By default, the attribute Secure is always appended to an HTTP connection even if Cookie Tampering Protection is disabled. This behavior is a configurable option, and can be turned off.

Allow Client Cookies – The Allow Client Cookies option is enabled by default. In Strict mode, the Allow Client Cookies option is disabled. When disabled, client-side cookies are not allowed to be sent to the backend systems. This option does not affect server-side cookies.

Exclusion List – If the Exclusion List is enabled and contains a cookie, the cookie is passed as usual and is not protected. You can exclude server-side cookies and client-side cookies. Exclusion list items are case sensitive, and in the format 'CookieName@CookiePath'. Cookies with the same name and different paths are treated as different cookies. 'CookiePath' can be left empty to represent any path.

Import Global – Application Offloading portals can import the Global exclusion list.
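
The following Python sketch is an added example, not part of the SonicWall manual or the appliance's own code. It audits Set-Cookie headers observed from a portal for the HttpOnly and Secure attributes and skips cookies matched by an exclusion list in the 'CookieName@CookiePath' format. Exact path comparison, the function names, and the sample headers and entries are assumptions made for illustration.

```python
# Added example: audit Set-Cookie headers for the attributes described above.
# All sample headers and exclusion entries below are constructed.

def parse_exclusion(entry):
    """Split 'CookieName@CookiePath'; an empty path represents any path."""
    name, _, path = entry.partition("@")
    return name, path

def is_excluded(name, path, exclusions):
    """Case-sensitive match; exact path comparison is an assumption."""
    for entry in exclusions:
        ex_name, ex_path = parse_exclusion(entry)
        if name == ex_name and (ex_path == "" or ex_path == path):
            return True
    return False

def parse_set_cookie(header):
    """Return (name, path, set of lower-cased attribute names)."""
    parts = [p.strip() for p in header.split(";")]
    name = parts[0].partition("=")[0]
    path, attrs = "", set()
    for part in parts[1:]:
        key, _, value = part.partition("=")
        key = key.strip().lower()  # attribute names are case-insensitive
        attrs.add(key)
        if key == "path":
            path = value.strip()
    return name, path, attrs

def audit(headers, exclusions):
    """List non-excluded cookies that lack HttpOnly or Secure."""
    findings = []
    for header in headers:
        name, path, attrs = parse_set_cookie(header)
        if is_excluded(name, path, exclusions):
            continue  # excluded cookies are passed as usual, unprotected
        missing = [a for a in ("HttpOnly", "Secure") if a.lower() not in attrs]
        if missing:
            findings.append((name, path, missing))
    return findings

SAMPLE_HEADERS = [  # constructed sample responses
    "JSESSIONID=abc123; Path=/app; HttpOnly; Secure",
    "theme=dark; Path=/app",
    "tracker=1; Path=/static",
    "Theme=light; Path=/app; Secure",
]
SAMPLE_EXCLUSIONS = ["theme@/app", "tracker@"]  # constructed entries

if __name__ == "__main__":
    for name, path, missing in audit(SAMPLE_HEADERS, SAMPLE_EXCLUSIONS):
        print(f"{name}@{path} is missing: {', '.join(missing)}")
```

Because exclusion entries are case sensitive, the constructed cookie Theme is not covered by the entry theme@/app and is reported as missing HttpOnly.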