Security >> Application Security: Sessions and Logins: Session Tracking

  • Session Awareness (disabled by default)
    • Configure login page to detect username and associate it with the HTTP session
    • None (default)
      • Allows the use of Violation Detection Actions only
    • Use APM Usernames and Session ID
    • Use Login Pages
      • Select the custom login page Properties
        • Authentication type (HTML Form, HTTP Basic/Digest Auth and NTLM)
        • Username/Password Parameters
      • Access Validation criteria
        • A string that should appear (or NOT) in the response
        • Expected HTTP response status code
        • Expected validation header name and value (ex. Location header)
        • Expected validation domain cookie name
        • Expected Parameter name (Added to URI links in the response)
    • Use All Login Pages
  • Track Violations and Perform Actions (aka Session Tracking / Violation Detection Actions)
    • Disabled by default, grayed out by default until Session Awareness is enabled
    • Violations are counted per criterion (username, session, device ID, IP address) and an action fires when a criterion's count reaches its threshold within the detection period
    • Violation Detection Period (900 seconds by default)
    • Block All (Default)
      • Blocked URLs
        • Block All URLs (Default)
        • Block Authenticated URLs (based on Login Enforcement Settings) – to be combined with the Login Pages
      • Username Threshold (20 violations) – unchecked by default
      • Session Threshold (20 violations) – unchecked by default (requires Session Awareness to be set up with login pages)
      • Device ID Threshold (30 violations)
      • IP Address Threshold (60 violations) – unchecked by default
      • Block All period
        • Infinite (default)
        • User-defined (600 seconds)
    • Log All Requests – unchecked by default
      • Username Threshold (5 violations)
      • Session Threshold (5 violations)
      • Device ID Threshold (7 violations)
      • IP Address Threshold (15 violations)
    • Delay Blocking – unchecked by default
      • Username Threshold (5 violations)
      • Session Threshold (5 violations)
      • Device ID Threshold (7 violations)
      • IP Address Threshold (15 violations)
      • Delay Blocking Period (600 seconds)
      • Associated Violations
    • Detect Session Hijacking by Device ID Tracking
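As an added illustration of how the thresholds above combine (a simplified model written for these notes, not F5 code; usernames, IPs and timestamps are assumed values), the following counts violations per criterion within a sliding detection period and reports which actions fire:

```python
from collections import defaultdict, deque

# Default thresholds as listed on this page, keyed by action then criterion.
THRESHOLDS = {
    "log_all":   {"username": 5,  "session": 5,  "device_id": 7,  "ip": 15},
    "delay":     {"username": 5,  "session": 5,  "device_id": 7,  "ip": 15},
    "block_all": {"username": 20, "session": 20, "device_id": 30, "ip": 60},
}

class SessionTracker:
    """Model of per-criterion violation counting inside a sliding detection period.
    detection_period: seconds (page default 900). block_period: None = infinite
    (page default) or seconds (page's user-defined example is 600)."""
    def __init__(self, detection_period=900, block_period=None,
                 enabled=("block_all",), thresholds=THRESHOLDS):
        self.detection_period = detection_period
        self.block_period = block_period
        self.enabled = enabled
        self.thresholds = thresholds
        self.events = defaultdict(deque)   # (criterion, value) -> violation timestamps
        self.blocked = {}                  # (criterion, value) -> expiry time or None

    def record_violation(self, now, **ids):
        """Record one violation at time `now` for the supplied criteria
        (username=, session=, device_id=, ip=). Returns the set of actions triggered."""
        actions = set()
        for crit, val in ids.items():
            if val is None:
                continue
            key = (crit, val)
            window = self.events[key]
            # Drop events that have aged out of the detection period.
            while window and window[0] <= now - self.detection_period:
                window.popleft()
            window.append(now)
            for action in self.enabled:
                if len(window) >= self.thresholds[action][crit]:
                    actions.add(action)
                    if action == "block_all":
                        self.blocked[key] = (None if self.block_period is None
                                             else now + self.block_period)
        return actions

    def is_blocked(self, now, **ids):
        """True if any supplied criterion value is still inside its block-all period."""
        for crit, val in ids.items():
            key = (crit, val)
            if val is None or key not in self.blocked:
                continue
            expiry = self.blocked[key]
            if expiry is None or now < expiry:
                return True
            del self.blocked[key]          # user-defined block period has elapsed
        return False
```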