+

Search Tips   |   Advanced Search

Proxy security level properties

These settings describe the attributes and policies that define the security level of a secured proxy server. The overall security level of the secured proxy server is set to the weakest level of security assigned to any of the individual settings.

From the admin console, click...

        Servers > Proxy Servers > server > Custom security settings. This panel will only be available for a secure proxy server profile that has been registered with the AdminAgent.


Current security level

A qualitative security level based on an evaluation of the current security related configuration values.

The possible values for Current DMZ Security are high, medium, low. During creation of the secured proxy server, default configurations of high, medium and low are available. We are also able to customize these security settings resulting in the Current DMZ Security level being calculated by the system. Each custom setting has an assigned value of high, medium or low. The overall security level is equal to value of the setting that is considered the least secure. For example, to have an overall security level of high, all settings must be configured to the values associated with a high level of security. If any of the settings are configured with a less secure value, the overall security level is the value of that setting.


Administration

Option Used as the default value in the predefined security levels Description
Local administration The default value for the Medium and the High security levels That administration of the secure proxy server can only be performed using wsadmin commands performed locally on the system.
Remote administration The default value for the Low security level That remote administration of the secure proxy server is permitted.


Routing

Option Used as the default value in the predefined security levels Description
Static routing The default value for the High security level That the proxy server will make routing determinations from routing information based on flat files on the file system. This is for Hypertext Transfer Protocol (HTTP) only
Dynamic routing The default value for the Low and the Medium security levels That the proxy server will dynamically discover the best route to a destination and distribute to servers with like protocols.


Start-up permissions

Option Used as the default value in the predefined security levels Description
Run as an unprivileged user The default value for the Medium and the High security levels That the server process will revert to a predefined unprivileged user after start-up has completed.
Run as a privileged user The default value for the Low security level That the server process does not revert to an unprivileged user after startup. It is a requirement that the proxy server start under a privileged user as it initializes privileged ports. Ports lower than 1024 are considered privileged ports. Under this setting, the effective user of the server process continues to be the privileged user. This setting does not provide additional hardening to the access of the server process to the local operation system resources. This is considered a low security level setting.


Custom Error Page Policy

Option Used as the default value in the predefined security levels Description
Local error page handling The default value for the Low, the Medium and the High security levels That error responses will be generated from flat custom error page files stored locally on the local file system.
Remote error page handling None Route error responses to a remote custom application deployed on a back-end server. This application will generate a custom response for the error


Local error page handling


Remote error page handling


Related:

  • WebSphere DMZ Secure Proxy Server for IBM WAS
  • DMZ Secure Proxy Server for IBM WAS start up user permissions
  • DMZ Secure Proxy Server for IBM WAS routing considerations
  • DMZ Secure Proxy Server for IBM WAS administration options
  • Error handling security considerations for the DMZ Secure Proxy Server for IBM WAS
  • Tune the security properties for the DMZ Secure Proxy Server for IBM WAS