Configure security for Interaction Web Portal

To provide extra security for Interaction Web Portal, you can change the web.config file to:

  • Prevent Cross-Frame Scripting attacks.
  • Prevent HTTP method overriding.
  • Disable debugging.

A new installation already contains these changes in the web.config file. After you apply an update, you can make these changes to the web.config file yourself to provide the extra security.

Prevent cross-frame scripting attacks

Add the following content to the web.config file to prevent cross-frame scripting attacks:

<system.webServer>
...
    <httpProtocol>
        <customHeaders>
            <add name="X-Frame-Options" value="SAMEORIGIN" />
        </customHeaders>
    </httpProtocol>
...
</system.webServer>

Prevent HTTP method overriding

Add the following content to the web.config file to prevent HTTP method overriding:

<system.webServer>
...
    <security>
        <requestFiltering>
            <denyQueryStringSequences>
                <add sequence="_method=PUT" />
                <add sequence="_method=POST" />
                <add sequence="_method=DELETE" />
            </denyQueryStringSequences>
            <requestLimits>
                <headerLimits>
                    <add header="X-HTTP-METHOD-OVERRIDE" sizeLimit="0" />
                </headerLimits>
            </requestLimits>
        </requestFiltering>
    </security>
...
</system.webServer>

Disable debugging

Add the following content to the web.config file to disable debugging:

<configuration>
...
    <!-- system.web sits directly under configuration, alongside system.webServer -->
    <system.web>
    ...
        <globalization culture="auto" uiCulture="auto"/>
        <compilation debug="false" targetFramework="4.0"/>
    ...
    </system.web>
...
</configuration>
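
A check you could run after applying an update, to report which of the three settings above are missing from a web.config file. This is an added example, not part of the product or its documentation; the sample configuration is constructed, and the script assumes system.web and system.webServer sit directly under configuration, as in a standard ASP.NET web.config.

```python
import xml.etree.ElementTree as ET

# Constructed sample (not from the product): a web.config after an update,
# with one _method sequence missing, no header limit, and debugging on.
SAMPLE = """<configuration>
  <system.web><compilation debug="true" targetFramework="4.0"/></system.web>
  <system.webServer>
    <httpProtocol><customHeaders>
      <add name="X-Frame-Options" value="SAMEORIGIN" />
    </customHeaders></httpProtocol>
    <security><requestFiltering>
      <denyQueryStringSequences>
        <add sequence="_method=PUT" />
        <add sequence="_method=POST" />
      </denyQueryStringSequences>
    </requestFiltering></security>
  </system.webServer>
</configuration>"""

REQUIRED_SEQUENCES = ("_method=PUT", "_method=POST", "_method=DELETE")
RF = "system.webServer/security/requestFiltering"

def audit_web_config(xml_text):
    """Return a list of findings; an empty list means every setting is present."""
    root = ET.fromstring(xml_text)
    findings = []
    # 1. X-Frame-Options custom header (header names are case-insensitive).
    headers = {a.get("name", "").lower(): a.get("value", "") for a in
               root.findall("system.webServer/httpProtocol/customHeaders/add")}
    if headers.get("x-frame-options", "").upper() != "SAMEORIGIN":
        findings.append("X-Frame-Options is not SAMEORIGIN")
    # 2a. Query-string method overrides must each be denied.
    denied = {a.get("sequence") for a in
              root.findall(RF + "/denyQueryStringSequences/add")}
    for seq in REQUIRED_SEQUENCES:
        if seq not in denied:
            findings.append("not denied: " + seq)
    # 2b. The override header must be capped at size 0.
    limits = {a.get("header", "").upper(): a.get("sizeLimit") for a in
              root.findall(RF + "/requestLimits/headerLimits/add")}
    if limits.get("X-HTTP-METHOD-OVERRIDE") != "0":
        findings.append("X-HTTP-METHOD-OVERRIDE is not limited to size 0")
    # 3. Debug compilation must be off.
    comp = root.find("system.web/compilation")
    if comp is not None and comp.get("debug", "false").lower() == "true":
        findings.append("compilation debug is enabled")
    return findings

if __name__ == "__main__":
    for finding in audit_web_config(SAMPLE):
        print("FINDING:", finding)
```

To audit a deployed file, pass its contents to audit_web_config() in place of SAMPLE.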