Proxy security level properties

Network Deployment (Distributed operating systems), v8.0 > Reference > Sets

Proxy security level properties

These settings describe the attributes and policies that define the security level of a secured proxy server. The overall security level of the secured proxy server is set to the weakest level of security assigned to any of the individual settings. From the console...
Servers > Proxy Servers > server_name
> Custom security settings. This panel will only be available for a secure proxy server profile that has been registered with the AdminAgent.

Current security level

A qualitative security level based on an evaluation of the current security related configuration values.
The possible values for Current DMZ Security are high, medium, low. During creation of the secured proxy server, default configurations of high, medium and low are available. You are also able to customize these security settings resulting in the Current DMZ Security level being calculated by the system. Each custom setting has an assigned value of high, medium or low. The overall security level is equal to value of the setting that is considered the least secure. For example, to have an overall security level of high, all settings must be configured to the values associated with a high level of security. If any of the settings are configured with a less secure value, the overall security level is the value of that setting.

Administration

Administration options. This table lists the proxy administration options.

Option Used as the default value in the predefined security levels Description
Local administration The default value for the Medium and the High security levels Specifies that administration of the secure proxy server can only be performed using wsadmin commands performed locally on the system.
Remote administration The default value for the Low security level Specifies that remote administration of the secure proxy server is permitted.

Route

Routing options. This table lists the proxy routing options.

Option Used as the default value in the predefined security levels Description
Static routing The default value for the High security level Specifies that the proxy server will make routing determinations from routing information based on flat files on the file system. This is for Hypertext Transfer Protocol (HTTP) only
Dynamic routing The default value for the Low and the Medium security levels Specifies that the proxy server will dynamically discover the best route to a destination and distribute to servers with like protocols.

Start-up permissions

Start-up permission options. This table lists the proxy start-up permission options.

Option Used as the default value in the predefined security levels Description
Run as an unprivileged user The default value for the Medium and the High security levels Specifies that the server process will revert to a predefined unprivileged user after start-up has completed.
Run as a privileged user The default value for the Low security level Specifies that the server process does not revert to an unprivileged user after startup. It is a requirement that the proxy server start under a privileged user as it initializes privileged ports. Ports lower than 1024 are considered privileged ports. Under this setting, the effective user of the server process continues to be the privileged user. This setting does not provide additional hardening to the access of the server process to the local operation system resources. This is considered a low security level setting.

Custom Error Page Policy

Error page options. This table lists the proxy error page options.

Option Used as the default value in the predefined security levels Description
Local error page handling The default value for the Low, the Medium and the High security levels Specifies that error responses will be generated from flat custom error page files stored locally on the local file system.
Remote error page handling None Specifies to route error responses to a remote custom application deployed on a back-end server. This application will generate a custom response for the error

Local error page handling

Handle errors generated by the proxy server
Specifies if errors generated by the proxy server should be handled with the custom static error pages stored on the local file system. If this is not selected then the default error messages will be used instead of any custom error pages.
Handle errors generated by application servers
Specifies if errors generated by the backend server should be handled with the custom static error pages stored on the local file system. If this is not selected then the default error messages will be used instead of any custom error pages.
Error mappings
Error codes to match with specific static error pages stored on the file system. We can use a relative file path under the configured static file document root to assign a custom error file to be used for a specific error code or group of error codes. The wildcard character, * , is used to assign error files to groups of error codes.

Remote error page handling

Error page generation application URI
Specifies the URI for the custom error page generation application.
Handle errors generated by the proxy server
Specifies if errors generated by the proxy server should be handled with the custom error application deployed on the application server. If this is not selected then the default error messages will be used instead of any custom error pages.
Handle errors generated by application servers
Specifies if errors generated by the backend server should be handled with the custom error application deployed on the application server. If this is not selected then the default error messages will be used instead of any custom error pages.
Headers to forward to Error page Application
List of the headers from the original request to forward to the error page generation application.

HTTP status codes that are to be recognized as errors
List of the status codes in a response that should be directed to the error page generation application.

WebSphere DMZ Secure Proxy Server for IBM WAS
DMZ Secure Proxy Server for IBM WAS start up user permissions
DMZ Secure Proxy Server for IBM WAS routing considerations
DMZ Secure Proxy Server for IBM WAS administration options
Error handling security considerations for the DMZ Secure Proxy Server for IBM WAS
Tune the security properties for the DMZ Secure Proxy Server for IBM WAS

+
Search Tips | Advanced Search

Option	Used as the default value in the predefined security levels	Description
Local administration	The default value for the Medium and the High security levels	Specifies that administration of the secure proxy server can only be performed using wsadmin commands performed locally on the system.
Remote administration	The default value for the Low security level	Specifies that remote administration of the secure proxy server is permitted.

Option	Used as the default value in the predefined security levels	Description
Static routing	The default value for the High security level	Specifies that the proxy server will make routing determinations from routing information based on flat files on the file system. This is for Hypertext Transfer Protocol (HTTP) only
Dynamic routing	The default value for the Low and the Medium security levels	Specifies that the proxy server will dynamically discover the best route to a destination and distribute to servers with like protocols.

Option	Used as the default value in the predefined security levels	Description
Run as an unprivileged user	The default value for the Medium and the High security levels	Specifies that the server process will revert to a predefined unprivileged user after start-up has completed.
Run as a privileged user	The default value for the Low security level	Specifies that the server process does not revert to an unprivileged user after startup. It is a requirement that the proxy server start under a privileged user as it initializes privileged ports. Ports lower than 1024 are considered privileged ports. Under this setting, the effective user of the server process continues to be the privileged user. This setting does not provide additional hardening to the access of the server process to the local operation system resources. This is considered a low security level setting.

Option	Used as the default value in the predefined security levels	Description
Local error page handling	The default value for the Low, the Medium and the High security levels	Specifies that error responses will be generated from flat custom error page files stored locally on the local file system.
Remote error page handling	None	Specifies to route error responses to a remote custom application deployed on a back-end server. This application will generate a custom response for the error