Previous Topic: Define HTTPS PortsNext Topic: Manage User Access with IIS

Web Agent GuidesWeb Agent Configuration GuideProtecting Web ApplicationsValidate the Domains of Error Pages

Validate the Domains of Error Pages

You can protect error pages from header injections by validating their domains with the following parameter:

ValidErrorPageDomain

Specifies a list of valid domains for customized SiteMinder error pages. SiteMinder only redirects users to custom error pages when the domain of the error page appears in this parameter. If the domain is not listed, then a blank error page is displayed and a corresponding unauthorized message (such as smpwservices.unauth) is returned.

Default: None (no domains listed).

Follow these steps:

  1. Gather a list of domains in your organization which serve your error pages.
  2. Update the value of the ValidErrorPageDomain parameter with the domains that you want.