Configure Web Client
Session persistence based on a cookie
Host header attack protection
You can enable host header attack protection for the User Portal URL. This security measure will ensure that the Host headers of the users' HTTP requests to User Portal cannot be changed in transit, and users who access User Portal via a browser are always redirected to one of your Secure Gateways and not any other hosts.
To enable host header attack protection:
Navigate to Farm > Farm > Tasks > Properties.
Select the Enable HTTP Host header attack protection option.
(Optional) If you use additional hostnames or IPs for your Secure Gateways, you can add them to the list of the allowed addresses by selecting Tasks > New (or clicking the plus-sign icon) in the Access addresses section.
Note: The default hostnames and IP addresses of Secure Gateways and HALBs are added to the list automatically.
Last updated