# Configure Web Client The Web Client is a part of RAS Secure Gateway. To be used by end users, the User Portal must be enabled and configured in the RAS Console as described in [**Configure User Portal**](/landing/ras-admin-guide/v19-en-us/parallels-ras-19-administrators-guide/ras-secure-gateway/configuring-a-ras-secure-gateway/configure-user-portal.md). ## **Session persistence based on a cookie** RAS Web Client session persistence is normally set by user's IP address (source addressing). If you can't use source addressing in your environment (e.g. your security policy doesn't allow it), you can use the Session Cookie to maintain persistence between a user and a server. To do so, you'll need to set up a load balancer that can use a session cookie for persistence. The cookie that you should use is ASP.NET\_SessionId. If you are using a load balancer that doesn't use ASP.NET, you can specify a different cookie on the Web Requests tab of the RAS Secure Gateway Properties dialog. For more information, see [**Web request load balancing**](/landing/ras-admin-guide/v19-en-us/parallels-ras-19-administrators-guide/ras-secure-gateway/configuring-a-ras-secure-gateway/web-request-load-balancing.md). ## Host header attack protection You can enable host header attack protection for the User Portal URL. This security measure will ensure that the Host headers of the users' HTTP requests to User Portal cannot be changed in transit, and users who access User Portal via a browser are always redirected to one of your Secure Gateways and not any other hosts. To enable host header attack protection: 1. Navigate to **Farm > Farm > Tasks > Properties**. 2. Select the **Enable HTTP Host header attack protection** option. 3. (Optional) If you use additional hostnames or IPs for your Secure Gateways, you can add them to the list of the allowed addresses by selecting **Tasks** > **New** (or clicking the plus-sign icon) in the **Access addresses** section. {% hint style="info" %} **Note:** The default hostnames and IP addresses of Secure Gateways and HALBs are added to the list automatically. {% endhint %} --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.parallels.com/landing/ras-admin-guide/v19-en-us/parallels-ras-19-administrators-guide/parallels-web-client-and-user-portal/configure-web-client.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.