Secure Mobile Access 12.4 Administration Guide

Configuring the Web Proxy Service

This section describes how to configure the service that manages access to Web resources. The Web proxy service provides Web proxy access, translated Web access, custom port mapped Web access, and custom FQDN mapped Web access.

To configure the Web proxy service

  1. In the AMC, navigate to System Configuration > Services.

  2. In the Access Services section, under the Web proxy service area, click Configure.

    The Web Proxy Service page displays.

  3. On the General tab, select Enable HTTP compression if you want to compress HTML, XML, and CSS files before they are sent from the appliance to the client. This reduces the download size of Web pages accessed through the appliance, but may also affect system performance.

    Enabling compression may affect system performance.

  4. Configure Downstream Web resources:

    • If you want the Web proxy service to check the validity of certificates presented by back-end Web servers, select Validate SSL server certificates. If enabled, the appliance will make sure the CN in the certificate matches the host name and that the certificate is valid. Secure Mobile Access recommends enabling this feature if you are using downstream HTTPS.

    • To view details about the appliance’s root certificate listing CAs that issued certificates to back-end Web servers, or to import a certificate, click the SSL Settings link. For more information about managing CA certificates, see CA Certificates.

    For information about configuring Web application profiles, see Adding Web Application Profiles.

  5. Click Advanced to configure the Web Proxy Security settings.

  6. Select the headers to be sent on pages generated by Web Proxy. These headers protect users from attacks like Clickjacking and cross-site scripting.

    It is recommended to enable all the security headers for better security.

    Header and description:

    • X-Frame Options
      Prevent Clickjacking attacks: This header inspects and provides clickjacking protection by not allowing rendering of a page in a frame.

    • X-XSS-Protection
      Prevent cross-site scripting and injection attacks: Using this header stops pages from loading when they detect reflected cross-site scripting (XSS) attacks.

    • Content-Security-Policy
      Prevent cross-site scripting and injection attacks: Using this header in modern browsers helps to enhance the security of the document (or web page).

    • Strict-Transport-Security
      Enforce HTTPS only access: This header informs browsers that the site should only be accessed using HTTPS, and that any future attempts to access it using HTTP should automatically be converted to HTTPS.

    • MIME-Type Sniffing
      Prevent attacks from MIME-Type sniffing: This header allows you to avoid MIME type sniffing by saying that the MIME types are deliberately configured.

    • Cross Domain Policy
      Prevent loading of resource from other domains: This header is used to permit cross-domain requests from PDF documents.

  7. Click Save.
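After saving, an administrator can confirm that pages generated by the Web proxy actually carry the selected headers. The following is an added example, not part of the product documentation: it audits a raw response header block for the six headers listed in step 6. The mapping from the AMC labels to on-the-wire header names is an assumption based on the standard HTTP headers, and the sample response is constructed.

```python
import re

# AMC labels from step 6 -> assumed standard header names (not stated on the page).
EXPECTED = {
    "X-Frame Options": "x-frame-options",
    "X-XSS-Protection": "x-xss-protection",
    "Content-Security-Policy": "content-security-policy",
    "Strict-Transport-Security": "strict-transport-security",
    "MIME-Type Sniffing": "x-content-type-options",
    "Cross Domain Policy": "x-permitted-cross-domain-policies",
}

def parse_headers(raw):
    """Parse a raw response header block into {lowercase-name: [values]}."""
    headers = {}
    for line in raw.splitlines()[1:]:  # skip the status line
        if not line.strip():
            break  # a blank line ends the header block
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers

def weak_value(name, value):
    """Return a reason if a present header carries a value that gives no protection."""
    v = value.strip().lower()
    if name == "x-frame-options" and v not in ("deny", "sameorigin"):
        return "expected DENY or SAMEORIGIN"
    if name == "x-content-type-options" and v != "nosniff":
        return "expected nosniff"
    m = re.search(r'max-age\s*=\s*"?(\d+)', v)
    if name == "strict-transport-security" and (not m or int(m.group(1)) == 0):
        return "max-age missing or zero"
    return None

def audit(raw):
    """Return {AMC label: finding} for every header that is missing or weak."""
    headers, findings = parse_headers(raw), {}
    for label, name in EXPECTED.items():
        values = headers.get(name, [])
        reasons = [r for r in (weak_value(name, v) for v in values) if r]
        if not values or reasons:
            findings[label] = reasons[0] if reasons else "missing"
    return findings

# Constructed sample response, not captured from an appliance.
SAMPLE = ("HTTP/1.1 200 OK\r\nX-Frame-Options: SAMEORIGIN\r\n"
          "x-xss-protection: 1; mode=block\r\nStrict-Transport-Security: max-age=0\r\n"
          "X-Content-Type-Options: nosniff\r\n\r\n<html></html>")
print(audit(SAMPLE))
```

An empty result means all six headers are present with usable values; any label in the output points back to a checkbox to revisit on the Advanced tab.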
