Application Security: Sessions and Logins: Session Tracking

Session Awareness (disabled by default)
- Configure the login page to detect the username and associate it with the HTTP session
- Username source:
  - None (default): allows the use of Violation Detection Actions only
  - Use APM Usernames and Session ID
  - Use Login Pages: select the custom login page(s); each login page's Properties define:
    - Authentication type (HTML Form, HTTP Basic/Digest Auth and NTLM)
    - Username/Password Parameters
    - Access Validation criteria:
      - A string that should appear (or NOT) in the response
      - Expected HTTP response status code
      - Expected validation header name and value (e.g. Location header)
      - Expected validation domain cookie name
      - Expected Parameter name (added to URI links in the response)
  - Use All Login Pages

Track Violations and Perform Actions (aka Session Tracking / Violation Detection Actions)
- Disabled by default; grayed out until Session Awareness is enabled
- Each action has per-identity thresholds (username, session, device ID, IP address) that count violations within a time window
- Violation Detection Period (900 seconds by default)

Block All (default action)
- Blocked URLs:
  - Block All URLs (default)
  - Block Authenticated URLs (based on Login Enforcement settings) – to be combined with the Login Pages
- Thresholds:
  - Username Threshold (20 violations) – unchecked by default
  - Session Threshold (20 violations) – unchecked by default (requires Session Awareness to be set up to use login pages)
  - Device ID Threshold (30 violations)
  - IP Address Threshold (60 violations) – unchecked by default
- Block All period:
  - Infinite (default)
  - User-defined (600 seconds)

Log All Requests – unchecked by default
- Username Threshold (5 violations)
- Session Threshold (5 violations)
- Device ID Threshold (7 violations)
- IP Address Threshold (15 violations)

Delay Blocking – unchecked by default
- Username Threshold (5 violations)
- Session Threshold (5 violations)
- Device ID Threshold (7 violations)
- IP Address Threshold (15 violations)
- Delay Blocking Period (600 seconds)
- Associated Violations (the violations to which the delayed blocking applies)

Detect Session Hijacking by Device ID Tracking
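To make the threshold mechanics above concrete, here is an added, simplified model of how Violation Detection Actions behave (my own illustration, not F5 ASM's code). It assumes each identity key (username, session, device ID, IP address) keeps a sliding window of violation timestamps; an action becomes active once the number of violations inside the Violation Detection Period reaches that action's threshold, and Block All additionally records a block that lasts for the Block All period (None models "Infinite"). The threshold numbers are the page's defaults; the class, method names and sample identities are constructed for the example.

```python
"""Illustrative model of Session Tracking thresholds (constructed example, not F5 code)."""
from collections import defaultdict, deque
from dataclasses import dataclass, field
from typing import Deque, Dict, List, Optional, Set, Tuple

KEY_TYPES = ("username", "session", "device_id", "ip")

# Default thresholds as listed on the page, per action and identity key.
DEFAULT_THRESHOLDS = {
    "log_all_requests": {"username": 5, "session": 5, "device_id": 7, "ip": 15},
    "delay_blocking":   {"username": 5, "session": 5, "device_id": 7, "ip": 15},
    "block_all":        {"username": 20, "session": 20, "device_id": 30, "ip": 60},
}


@dataclass
class SessionTracker:
    """Hypothetical tracker: counts violations per identity inside a sliding window."""
    detection_period: int = 900                 # Violation Detection Period (seconds)
    block_all_period: Optional[int] = None      # None = Infinite (default); e.g. 600
    thresholds: Dict[str, Dict[str, int]] = field(
        default_factory=lambda: {a: dict(t) for a, t in DEFAULT_THRESHOLDS.items()})
    # Only Block All is enabled by default; Log All Requests and Delay Blocking are opt-in.
    enabled_actions: Set[str] = field(default_factory=lambda: {"block_all"})
    _events: Dict[Tuple[str, str], Deque[int]] = field(
        default_factory=lambda: defaultdict(deque))
    _blocked_until: Dict[Tuple[str, str], Optional[int]] = field(default_factory=dict)

    def _window(self, key: Tuple[str, str], now: int) -> Deque[int]:
        """Drop violations older than the detection period and return the live window."""
        q = self._events[key]
        while q and now - q[0] >= self.detection_period:
            q.popleft()
        return q

    def violation_count(self, key_type: str, key: str, now: int) -> int:
        return len(self._window((key_type, key), now))

    def record_violation(self, key_type: str, key: str, now: int) -> List[str]:
        """Record one violation for an identity; return the actions now active for it."""
        if key_type not in KEY_TYPES:
            raise ValueError(f"unknown identity key type: {key_type}")
        q = self._window((key_type, key), now)
        q.append(now)
        active = [a for a in ("log_all_requests", "delay_blocking", "block_all")
                  if a in self.enabled_actions and len(q) >= self.thresholds[a][key_type]]
        if "block_all" in active:
            # Infinite block when no period is configured, otherwise a timed block.
            self._blocked_until[(key_type, key)] = (
                None if self.block_all_period is None else now + self.block_all_period)
        return active

    def is_blocked(self, key_type: str, key: str, now: int) -> bool:
        """True while a Block All decision for this identity is still in force."""
        k = (key_type, key)
        if k not in self._blocked_until:
            return False
        until = self._blocked_until[k]
        if until is None or now < until:
            return True
        del self._blocked_until[k]       # timed block has expired
        return False


if __name__ == "__main__":
    # Constructed scenario: one username trips Log All Requests, then Block All.
    tracker = SessionTracker(block_all_period=600,
                             enabled_actions={"log_all_requests", "block_all"})
    for t in range(1000, 1020):
        active = tracker.record_violation("username", "example_user", t)
        print(t, active)
    print("blocked at 1019:", tracker.is_blocked("username", "example_user", 1019))
    print("blocked at 1619:", tracker.is_blocked("username", "example_user", 1619))
```

Two details worth noticing: the window is keyed per identity, so a Device ID or IP threshold trips independently of the username threshold, and the count only ever looks back one Violation Detection Period, so slow, widely spaced violations never accumulate into a block.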