4.11 Samples of Recommended Settings

4.11.1 ESP web.xml

/opt/novell/nam/mag/webapps/nesp/WEB-INF/

<context-param>
    	<param-name>phishingCheck</param-name>
    <param-value>standard</param-value>
</context-param>
<welcome-file-list>
	    <welcome-file>index.html</welcome-file>
</welcome-file-list>
<error-page>
	    <error-code>500</error-code>
    <location>/index.html</location>
</error-page>

<filter>
	    <filter-name>TomcatSameOriginFilter</filter-name>
    <filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter
    </filter-class>
  
<init-param>
    <param-name>antiClickJackingOption</param-name>
		    <param-value>SAMEORIGIN</param-value>
</init-param>
</filter>

<filter-mapping>
    	<filter-name>TomcatSameOriginFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

4.11.2 Access Gateway Advanced Options

SSLProtocol TLSv1.1 +TLSv1.2
SSLProxyProtocol TLSv1.1 +TLSv1.2
SSLHonorCipherOrder On
SSLCipherSuite ECDH+AESGCM:ECDH+AES256:ECDH+AES128:ECDH+3DES:RSA+AESGCM:RSA+AES:!aNULL:!DES:!MD5:!DSS
SSLProxyCipherSuite ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4:HIGH:MEDIUM:!LOW:!EXP:!SSLv2:!aNULL:!EDH:!ECDH:!ECDSA:!AESGCM:!eNULL:!NULL