Your security policies


How do I create a security policy?

Go to Security > Policies and click New Policy (above the list) to start the wizard. You'll be prompted to assign a security policy for each of your web applications. Each policy includes several security options. We provide a policy called Pass-through to get you started.

Tip: Turn help tips on (in the title bar) and get help by hovering over field names.

Tell me about application security

Configure a sensitivity rating for each detection category in the Application Security section of your policy. The rating determines which inspections are performed, by filtering out potentially noisy events. Setting a category to a lower number widens the focus of inspection by using a larger number of inspection rules. Setting a category to a higher number narrows the inspection, which can help reduce false positives. Still have questions? The sensitivity values seen in events may guide you in tuning these values.

Tell me about policy controls

Set threat level thresholds (1 to 100) for logging and blocking in the Policy Controls section of your policy. This impacts what events we will log and block. You must set the blocking level greater than or equal to the logging level so blocked events will always be logged. Still have questions? The threat level and severity values seen in events may guide you in tuning these values.

What do declarative security settings do?

These settings are defined as part of an HTTP profile. You can configure responses to cookies, content type sniffing, clickjacking and browser cross-site scripting.

Tell me about information leakage

These settings are defined as part of an HTTP profile. You can set options for server cloaking, removal of sensitive headers, error messages and sensitive file types.
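
An added example, not part of the product documentation: one way to confirm that the declarative security and information leakage settings took effect is to audit the response headers a site returns. The header names are the standard ones and are assumed here, since the page names the protections rather than the headers; the function name and sample responses are constructed.

```python
# Added example. Header names are the standard ones and are an assumption:
# the page names the protections, not the headers that implement them.
LEAKY = ("server", "x-powered-by", "x-aspnet-version")

def audit_response(headers):
    """headers: (name, value) pairs as received; duplicates allowed.
    Returns sorted finding strings; an empty list means nothing was flagged."""
    seen = {}
    for name, value in headers:
        seen.setdefault(name.strip().lower(), []).append(value.strip())
    findings = []

    # Content type sniffing: exactly one header whose value is "nosniff".
    if [v.lower() for v in seen.get("x-content-type-options", [])] != ["nosniff"]:
        findings.append("sniffing: X-Content-Type-Options is not 'nosniff'")

    # Clickjacking: X-Frame-Options DENY/SAMEORIGIN, or a CSP frame-ancestors.
    xfo = [v.upper() for v in seen.get("x-frame-options", [])]
    csp = " ".join(seen.get("content-security-policy", [])).lower()
    xfo_ok = bool(xfo) and all(v in ("DENY", "SAMEORIGIN") for v in xfo)
    if not xfo_ok and "frame-ancestors" not in csp:
        findings.append("clickjacking: no framing restriction")

    # Cookies: every Set-Cookie should carry Secure and HttpOnly.
    for cookie in seen.get("set-cookie", []):
        parts = cookie.split(";")
        cookie_name = parts[0].split("=", 1)[0].strip()
        attrs = {p.strip().lower() for p in parts[1:]}
        for flag in ("secure", "httponly"):
            if flag not in attrs:
                findings.append(f"cookie: {cookie_name} lacks {flag}")

    # Information leakage: headers that disclose server software.
    for name in LEAKY:
        for value in seen.get(name, []):
            findings.append(f"leak: {name} = {value}")
    return sorted(findings)

# Constructed sample responses: origin output versus a hardened response.
ORIGIN = [("Server", "Apache/2.4.1 (Unix)"), ("X-Powered-By", "PHP/5.6"),
          ("Set-Cookie", "sid=abc123; Path=/"),
          ("Set-Cookie", "lang=en; Secure; HttpOnly")]
HARDENED = [("X-Content-Type-Options", "nosniff"), ("X-Frame-Options", "SAMEORIGIN"),
            ("Set-Cookie", "sid=abc123; Path=/; Secure; HttpOnly")]

if __name__ == "__main__":
    for label, resp in (("origin", ORIGIN), ("hardened", HARDENED)):
        print(label, audit_response(resp) or "clean")
```

Run it against headers captured before and after the policy is assigned; findings that remain point at a setting that is not enabled in the HTTP profile.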

Why should I apply tags to a policy?

Tags give you a way to organize your configurations and to permit users to access them. When you apply a tag to a policy, all users whose scopes include that tag will have access to that policy. A user's scope determines the user's access to objects. The user's role determines permissions to act on those objects.

Assigning a security policy to my web application

You'll assign one security policy to each of your web applications. The same policy can be assigned to as many web applications as you want.

Go to Security > Policies, hover over a security policy and choose Add to Sites from the Quick Actions menu. You can select web apps by name or choose tags to identify sites.

Go to Web Applications, hover over a web application and choose Set Policy from the Quick Actions menu.