Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Guide That Contains This Content
[+] Expand All
[-] Collapse All

    Related Documentation


    Security Engine Traffic

    This configuration section contains several basic parameters that control how WebApp Secure processes HTTP traffic and parses HTML, as well as health checks and fingerprinting.

    • Default Character Encoding–Backend servers should specify a character encoding via the Content-Type HTTP header or a byte-order mark. However, if this does not happen, or if the security engine does not recognize the character encoding as valid, the default character encoding is used to parse the response from the backend server.
    • Resolve Host Names–Whether or not to perform DNS lookups on IP addresses present in the X-Forwarded-For header. While these lookups do happen out-of-band, they nonetheless may affect performance.
    • Track X-Forwarded-For Addresses–Whether or not to track and record the addresses provided in the X-Forwarded-For header. These addresses will be added as "Proxy" locations for a session.
    • Health Check URL–WebApp Secure provides for a unique URL, located on the root directory of any domain proxied through the security engine, to return a 200 response. The purpose of this is to provide a health check for the security engine itself, in such a way that the health check will not proxy through to the backend servers.
    • Traffic Fingerprinting Enabled–For clients that do not accept HTTP cookies, WebApp Secure can fingerprint raw HTTP traffic. This will dramatically improve the association of traffic generated by non-browser clients like scripts or bots.
    • Session Cookie Expires–One of the ways WebApp Secure tracks clients is with a standard HTTP session cookie. This parameter controls the expiration date of the cookie and should be a random date several years in the future.
    • Additional Address Tracking Headers–Most proxy servers use the X-Forwarded-For header to send the IP addresses of each "hop" in the chain of proxies. If you are using a non-standard proxy server that uses an alternate header, you may specify it here.

    Related Documentation


    Published: 2015-02-04