Configuring Web Application Firewall Signature Actions - Dell SonicWall SRA 4200 Administrator's Manual

SRA 6.0

Step 5: Below the table, in the Block sensitive information within HTML pages text box, type confidential text strings that should not be revealed on any Web site protected by Web Application Firewall. This text is case insensitive, can include any number of spaces between the words, but cannot include wildcard characters. Add new phrases on separate lines. Each line is pattern matched within any HTML response.
Step 6: When finished, click Accept.
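To check a phrase list before entering it in Step 5, the following added example (not SonicWall code, and not part of the original manual) models the stated matching rules locally. It assumes that a run of spaces in a phrase matches any run of whitespace in the response and that wildcard characters are treated as literal text; the function names and sample data are constructed for illustration.

```python
import re

def compile_phrases(config_text):
    """Turn text-box contents (one phrase per line) into compiled patterns."""
    patterns = []
    for line in config_text.splitlines():
        words = line.split()
        if not words:
            continue  # ignore blank lines
        # re.escape keeps '*' and '?' literal, since wildcards are not supported.
        # Assumption: any whitespace run between words in the phrase matches
        # any whitespace run (spaces, tabs, newlines) in the response.
        body = r"\s+".join(re.escape(w) for w in words)
        patterns.append((" ".join(words), re.compile(body, re.IGNORECASE)))
    return patterns

def find_leaks(html, patterns):
    """Return the normalized phrases that occur anywhere in an HTML response."""
    return [phrase for phrase, rx in patterns if rx.search(html)]

# Constructed sample input: three phrases, one per line.
SAMPLE_CONFIG = """Project   Falcon
internal use only
acct*
"""

# Constructed sample HTML response.
SAMPLE_RESPONSE = """<html><body>
<p>Status of PROJECT
    falcon: on track</p>
<td>Internal Use Only</td>
<p>account 1234</p>
</body></html>"""

if __name__ == "__main__":
    pats = compile_phrases(SAMPLE_CONFIG)
    for phrase in find_leaks(SAMPLE_RESPONSE, pats):
        print("would match:", phrase)
```

The `acct*` line does not match `account 1234`, which shows why a phrase that relies on a wildcard needs to be replaced by the full literal strings to be blocked.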

Configuring Session Management Settings

Under Session Management, you can control whether the logout dialog window is displayed when a user logs into the user portal or into an application offloaded portal. You can also set the inactivity timeout for users in this section.

To configure session management settings:
Step 1: Expand the Session Management section.
Step 2: Select the Launch Logout Dialog Window after Login check box to display the session logout popup dialog box when the user portal is launched or when a user logs into an application offloaded portal.
Step 3: In the Global Inactivity Timeout field, type the number of inactive minutes allowed before the user is logged out. This setting can be overridden by Group or User settings.
Note: To mitigate CSRF attacks, it is important to keep a low idle timeout value for user sessions, such as 10 minutes.
Step 4: When finished, click Accept.

Configuring Web Application Firewall Signature Actions

The Web Application Firewall > Signatures page allows you to configure custom handling or exclusion of certain hosts on a per-signature basis. You can use signature-based exclusions to apply exclusions for all hosts for each signature.
