3.5.2 Securing the Proxy Session Cookie
The proxy session cookies carry the authentication state, and other per-session information, for the session between the browser and the proxy. They are held only in browser memory and are discarded when the browser is closed. However, if such a cookie is sent over a non-secure channel, an attacker who intercepts it can replay it and impersonate the user on the protected Web sites. To stop this from happening, you can use the following configuration options:
"Setting an Authentication Cookie with a Secure Keyword for HTTP" on page 119
"Preventing Cross-Site Scripting Vulnerabilities" on page 119
Setting an Authentication Cookie with a Secure Keyword for HTTP
You can configure the Access Gateway to force its HTTP proxy services to set the authentication cookie
with the Secure keyword.
To enable this option:
1 In the Administration Console, click Devices > Access Gateways > Edit > Reverse Proxy /
Authentication.
2 Select the Enable Secure Cookies option, then click OK twice.
3 Update the Access Gateway.
The Secure keyword instructs the browser to return the cookie only over an HTTPS connection. This option is used when the Access Gateway is placed behind an SSL accelerator, such as the Cisco SSL accelerator, and the Access Gateway is configured to communicate by using only HTTP: the accelerator terminates SSL, so the browser's connection is HTTPS, but because the proxy service itself is HTTP the Access Gateway would not otherwise mark the cookie Secure. Enable it only when clients really do reach the accelerator over HTTPS; if they connect over plain HTTP, the browser never sends a Secure cookie back and users cannot stay authenticated.
Preventing Cross-Site Scripting Vulnerabilities
Cross-site scripting vulnerabilities in a Web application allow script injected by a malicious site to read the cookies of the vulnerable site through the browser's document.cookie interface. The goal of such attacks is usually to steal the session cookie and impersonate the valid user, or to plant a known cookie value for session fixation. You can configure the Access Gateway to set its authentication cookie with the HttpOnly keyword, which tells the browser to withhold the cookie from scripts. HttpOnly protects only the cookie: the browser still sends it with every request, so the setting does not remove the cross-site scripting vulnerability itself.
To enable this option:
1 In the Administration Console, click Devices > Access Gateways > Edit > Reverse Proxy /
Authentication.
2 Enable the Force HTTP-Only Cookies option, then click OK twice.
3 Update the Access Gateway.
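A way to verify the effect of both options from the outside, as an added example that is not part of the guide or the product: the script below parses the Set-Cookie headers of a captured response and flags cookies that lack the Secure or HttpOnly keyword. It also flags the failure mode of the SSL-accelerator case, where Secure is forced but the client actually connects over plain HTTP. The cookie name "proxysession" and the two sample responses are constructed; the real cookie name is whatever your Access Gateway issues.

```python
"""Audit the attributes on the Set-Cookie headers a reverse proxy returns.

Added example, not code from the Access Manager guide. The cookie name
"proxysession" and both response samples are constructed for illustration.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Tuple


@dataclass
class CookieReport:
    name: str
    secure: bool
    httponly: bool
    findings: List[str] = field(default_factory=list)


def parse_set_cookie(header_value: str) -> Tuple[str, Dict[str, str]]:
    """Split one Set-Cookie value into the cookie name and its attributes.

    Attribute names are lower-cased; flag attributes such as Secure and
    HttpOnly map to an empty string.
    """
    parts = [p.strip() for p in header_value.split(";")]
    name = parts[0].partition("=")[0].strip()
    attrs: Dict[str, str] = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, value = part.partition("=")
        attrs[key.strip().lower()] = value.strip()
    return name, attrs


def audit_cookie(header_value: str, client_uses_https: bool = True) -> CookieReport:
    """Check one cookie against the two settings described above."""
    name, attrs = parse_set_cookie(header_value)
    secure = "secure" in attrs
    httponly = "httponly" in attrs
    findings: List[str] = []
    if not secure:
        findings.append("missing Secure: the browser will also send this cookie over plain HTTP")
    elif not client_uses_https:
        # Secure on a cookie the client only ever fetches over HTTP means the
        # browser never returns it, so the user cannot stay logged in.
        findings.append("Secure set, but the client-facing connection is HTTP: the browser will never return it")
    if not httponly:
        findings.append("missing HttpOnly: readable through document.cookie by injected script")
    return CookieReport(name, secure, httponly, findings)


def audit_response(raw_headers: str, client_uses_https: bool = True) -> List[CookieReport]:
    """Audit every Set-Cookie header in a block of raw HTTP response headers."""
    reports = []
    for line in raw_headers.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip().lower() == "set-cookie":
            reports.append(audit_cookie(value.strip(), client_uses_https))
    return reports


# Constructed samples: the same cookie before and after enabling both options.
RESPONSE_BEFORE = (
    "HTTP/1.1 200 OK\r\n"
    "Set-Cookie: proxysession=0123456789abcdef; Path=/\r\n"
    "Content-Type: text/html\r\n"
)
RESPONSE_AFTER = (
    "HTTP/1.1 200 OK\r\n"
    "Set-Cookie: proxysession=0123456789abcdef; Path=/; Secure; HttpOnly\r\n"
    "Content-Type: text/html\r\n"
)

if __name__ == "__main__":
    for label, raw in (("before", RESPONSE_BEFORE), ("after", RESPONSE_AFTER)):
        for report in audit_response(raw):
            status = "OK" if not report.findings else "; ".join(report.findings)
            print(f"{label}: {report.name}: {status}")
```

To check a live deployment, capture the headers of the response that sets the cookie (for example with `curl -i` against the published URL of a protected resource, through the SSL accelerator if one is in front) and pass them to audit_response with client_uses_https set to match how browsers actually reach the gateway.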
3.6 Managing Access Gateway Certificates
Section 3.6.1, "Managing Embedded Service Provider Certificates," on page 120
Section 3.6.2, "Managing Reverse Proxy and Web Server Certificates," on page 120
Configuring the Access Gateway for SSL and Other Security Features 119
Source: Access Manager 3.1 SP2 - Access Gateway Guide (2010)