Configuring Cookie Tampering Protection Settings
Cookie tampering protection is configured independently for each Application Offloading portal.
To configure the settings for cookie tampering protection
Navigate to the Cookie Tampering Protection section.
- To make these cookie tampering settings the default for all portals, select Global.
- For Tamper Protection Mode, select the desired level of protection against cookie tampering. You can select Detect Only to log these attacks or Prevent to log and block them. Select Disabled to disable cookie tampering protection on the portal.
- For Encrypt Server Cookies, select Name to encrypt cookie names, and/or select Value to encrypt cookie values. This affects client-side script behavior because it makes cookie names or values unreadable. Only server-side cookies are encrypted by these options.
- For Cookie Attributes, select Http Only to append the Http Only attribute to server-side cookies, and/or select Secure to append the Secure attribute to server-side cookies. The attribute Http Only prevents the client-side scripts from accessing the cookies that are important in mitigating attacks such as Cross Site Scripting and session hijacking. The attribute Secure ensures that the cookies are transported only in HTTPS connections. Both together add a strong layer of security for the server-side cookies.
- For Client Cookies, select Allow if an application on the portal needs all of the client cookies. When disabled, client-side cookies are not allowed to be sent to the backend systems. This option does not affect server-side cookies.
- For the Exclusion List, select Enabled to display additional fields for configuration.
- To enter a custom cookie name and path to the Exclusion List, click in the Cookie Name field to type in the name of the cookie, and click in the Cookie Path field to type in the path. Then click > Add.
- To add one or more already-detected cookies to the Exclusion List, select the desired cookies in the Detected Cookies list, holding the Ctrl key while clicking multiple cookies, and then click < Add to add them to the Exclusion List.
- To remove cookies from the Exclusion List, select the cookies to be removed and then click Remove.
- To clear the Detected Cookies list, click Clear.
- When finished, click Accept.
Was This Article Helpful?
Help us to improve our support portal