+

Search Tips   |   Advanced Search

Error handling security considerations for the DMZ Secure Proxy Server for IBM WAS


The overall security level of the DMZ Secure Proxy Server for IBM WAS is partially determined by the choices made regarding the handling of custom errors.

We can define a custom error page for each error code or a group of error codes on errors generated by the proxy server or the appserver. This is done using HTTP status codes in responses to generate uniform customized error pages for the application. For security reasons, we can verify the error pages are read from the local file system instead of being forwarded to a custom remote application. Choosing this option limits the code path and eliminates the need for a potentially unauthorized application to be run as the error message is generated based on a flat file.

The following security level settings are used when evaluating a custom security level. Local error page handling is used for all of the predefined security levels.


Table 1. Error handling options

Local error page handling This is considered a high security level setting.
Remote error page handling This is considered a medium and low security level setting.





 

Related concepts


WebSphere DMZ Secure Proxy Server for IBM WAS
DMZ Secure Proxy Server for IBM WAS start up user permissions
DMZ Secure Proxy Server for IBM WAS routing considerations
DMZ Secure Proxy Server for IBM WAS administration options

 

Related tasks


Tuning the security properties for the DMZ Secure Proxy Server for IBM WAS

 

Related


ProxyManagement