Tuning the security properties for the DMZ Secure Proxy Server for IBM WebSphere Application Server

When creating a DMZ Secure Proxy Server for IBM® WebSphere® Application Server, default security levels of high, medium and low are available. In addition to the predefined configuration levels, you can modify the security settings for your DMZ Secure Proxy Server for IBM WebSphere Application Server. When you choose to customize the settings, a qualitative value of high, medium or low is still assigned to inform you of the overall security level of your DMZ Secure Proxy Server for IBM WebSphere Application Server.

Before you begin

You must install aDMZ Secure Proxy Server for IBM WebSphere Application Server before these steps can be completed. You must regsiter the DMZ Secure Proxy Server for IBM WebSphere Application Server profile with the AdminAgent for this panel to be available.

About this task

Installing the DMZ Secure Proxy Server for IBM WebSphere Application Server in the DMZ rather than the secured zone presents new security challenges. The DMZ Secure Proxy Server for IBM WebSphere Application Server has been equipped with capabilities to provide protection for meeting these challenges. It addition to the predefined security configurations for your DMZ Secure Proxy Server for IBM WebSphere Application Server you can also tune the settings to customize the protection.

Procedure

  1. Click Servers > Proxy Servers > secured_proxy_server_name > Custom security settings to open up the Proxy security settings panel.
  2. Choose your administration option for your DMZ Secure Proxy Server for IBM WebSphere Application Server.
    • Local Administration - Security level: medium and high.

      This option allows two different types of administration. Managing the DMZ Secure Proxy Server for IBM WebSphere Application Server entirely using the wsadmin tool and loading updated profiles imported from inside the cell using the wsadmin tool are both considered Local Administration.

    • Remote Administration- Security level: low
  3. Choose your routing option for your DMZ Secure Proxy Server for IBM WebSphere Application Server.
    • Static routing - Security level: high
    • Dynamic routing - Security level: low and medium
  4. Choose your startup permission option for your DMZ Secure Proxy Server for IBM WebSphere Application Server.
    • Run as an unprivileged user - Security level: medium and high
    • Run as privileged user - Security level: low
  5. Optional: If Run as an unprivileged user is selected, enter the user name or the user group whose identity the server should assume after startup has completed.
  6. Choose your custom error page policy option for your DMZ Secure Proxy Server for IBM WebSphere Application Server.
    • Local error page handling - Security level: high

      If you choose to use local error page handling, you need to select which error responses use custom error messages. Select Handle local errors for responses generated by the proxy server and select Handle remote errors for responses generated by the backend server. Both options can select to use custom error messages for local and remote errors. Manage your error code mappings to determine the custom error pages to be used for specific responses.

    • Remote error page handling - Security level: low and medium

      If you choose to use remote error page handling to include custom errors, you need to select which error responses are customized. Select Handle local errors for responses generated by the proxy server and select Handle remote errors for responses generated by the backend server. Both options can be selected to use custom error messages for both local and remote errors. Manage the headers that are sent to the custom error application and what status codes are to be recognized as errors.

Results

You have finished customizing the security settings for your DMZ Secure Proxy Server for IBM WebSphere Application Server. A qualitative value of high, medium or low has been calculated based on the settings you have chosen to demonstrate the current DMZ security level.



In this information ...


IBM Redbooks, demos, education, and more

(Index)

Use IBM Suggests to retrieve related content from ibm.com and beyond, identified for your convenience.

This feature requires Internet access.

Task topic    

Terms of Use | Feedback

Last updated: Oct 22, 2010 12:21:29 AM CDT
http://www14.software.ibm.com/webapp/wsbroker/redirect?version=compass&product=was-nd-zos&topic=tsec_spxy_config
File name: tsec_spxy_config.html