webMethods Deployer 10.3 | webMethods Deployer Documentation 10.3 | Deployable Assets | Integration Server Assets | Integration Server Administrative Assets | Integration Server Administrative Assets and Substitution Values | CSRF Guard Configuration
 
CSRF Guard Configuration
Asset Type ID
iscsrfguardconfig
Substitution Values
Enabled
isEnabled
Specifies whether CSRF guard is enabled in Integration Server.
*True specifies that CSRF guard is enabled.
*False specifies that CSRF is not enabled. This is the default.
Excluded User Agents
excludedUser Agents
A list of user agents for which Integration Server is not to apply CSRF guard. If CSRF guard is enabled, Integration Server requires that HTTP requests coming from user agents that are not specified as excluded must contain CSRF secure tokens.
Landing Pages
landingPages
A list of landing pages for the packages in your Integration Server. A landing page is the home page for a package. Integration Server does not check for CSRF secure tokens in the landing pages, but inserts a token for that page. Integration Server guards all further requests from these landing pages with CSRF secure tokens.
Unprotected URLs
unprotected URLs
The URLs for which Integration Server is not to check for CSRF secure tokens. If CSRF guard is enabled, Integration Server requires that the requests coming from all URLs that are not specified as unprotected must contain CSRF secure tokens.
Denial Action
denialAction
Action that you want Integration Server to perform when it detects that a request does not contain a CSRF secure token or contains an invalid CSRF secure token.
*Error specifies that you want Integration Server to throw an access denied error and terminate the request. This is the default.
*Redirect specifies that Integration Server is to redirect the user to a confirmation page or the home page of Integration Server Administrator.

Copyright © 2013-2018 | Software AG, Darmstadt, Germany and/or Software AG USA, Inc., Reston, VA, USA, and/or its subsidiaries and/or its affiliates and/or their licensors.