Securing the portal server admin pages – VBrick Systems Portal Server ETV v4.1 User Manual

96

© 2007 VBrick Systems, Inc.

bypassQueryParamName="BypassSecurityWarning">

<file path="login.aspx" />

<file path="login4.aspx" />

</secureWebPages>

<!-- end of security settings -->

Example 2 – Uncomment httpModules

<!-- Remove comments around httpModules to enable security module settings.-->

<httpModules>

<add name="SecureWebPage"

type="Hyper.Web.Security.SecureWebPageModule, WebPageSecurity" />

</httpModules>

<!-- end of security module settings -->

Securing the Portal Server Admin Pages

T

To configure the ETV Portal Server Admin pages for SSL access:

1. Go the Admin Console location, typically

C:\Program Files\VBrick\MCS\Common\MCS

Admin Console

and open

web.config

in a text editor.

2. Uncomment the

<configSections>

settings block located at after the instructions for

Web

Page Security

by deleting the

<!--

and

-->

characters before and after the paragraph.

Example 3 – Uncomment configSections

A sample of a partial

web.config

file is shown below with the comments removed in order to

make the Admin pages secure.

<?xml version="1.0" encoding="utf-8" ?>

<configuration>

<!-- WEB PAGE SECURITY

This section will redirect any matchingpages to the HTTPS protocol for SSl
security, and, if needed, redirect any non-matching pages (or pages matching an
entry marked secure="false" to the HTTP protocol to remove the security and
encryption.

<!-- Remove comments around configSections and secureWebPages to enable login page
security settings. -->

<configSections>

<section name="secureWebPages"

type="Hyper.Web.Security.SecureWebPageSectionHandler, WebPageSecurity"

allowLocation="false" />

</configSections>

<secureWebPages mode="On"

maintainPath="False"

warningBypassMode="AlwaysBypass"

bypassQueryParamName="BypassSecurityWarning">