From VMW vRealize Automation 7.x HA Proxy Security Technical Implementation Guide
Part of SRG-APP-000001-WSR-000002
Associated with: CCI-000054
Session management is the practice of protecting the bulk of the user authorization and identity information. As a load balancer, HAProxy must participate in session management in order to set the session management cookie. Additionally, HAProxy must also ensure that the backend server which started the session with the client is forwarded subsequent requests from the client.
Navigate to and open the following files: /etc/haproxy/conf.d/20-vcac.cfg /etc/haproxy/conf.d/30-vro-config.cfg Verify that each backend is configured with the following: cookie JSESSIONID prefix If "cookie" is not set for each backend, this is a finding.
Navigate to and open the following files: /etc/haproxy/conf.d/20-vcac.cfg /etc/haproxy/conf.d/30-vro-config.cfg Configure each backend with the following value: 'cookie JSESSIONID prefix'
Lavender hyperlinks in small type off to the right (of CSS
class id
, if you view the page source) point to
globally unique URIs for each document and item. Copy the
link location and paste anywhere you need to talk
unambiguously about these things.
You can obtain data about documents and items in other
formats. Simply provide an HTTP header Accept:
text/turtle
or
Accept: application/rdf+xml
.
Powered by sagemincer