Web server security configuration

This chapter contains information about configuring added security for the WebSEAL server.

Cryptography Provider Overview
An overview of the features that are provided by the two versions of the Cryptography Provider that are included with WebSEAL.

Cryptographic hardware for encryption and key storage

Configuring WebSEAL to support only Suite B ciphers
You can configure WebSEAL to use only Suite B ciphers when negotiating an SSL connection.

Configuring NIST SP800-131A compliance
Special Publication 800-131a (SP 800-131a) is an information security standard of the National Institute of Standards and Technology (NIST). SP 800-131a requires longer key lengths and stronger cryptography than other standards. You can configure WebSEAL to comply with NIST SP800-131A when it is negotiating SSL connections.

Prevention of vulnerability caused by cross-site scripting
Cross-site scripting is a known technique for deploying malicious scripts on browsers. Web servers that incorrectly reflect user-supplied data to the browser without properly escaping the data are vulnerable to this type of attack.

Prevention of Cross-site Request Forgery (CSRF) attacks
Cross-site request forgery (CSRF) is a type of malicious website attack. A CSRF attack is sometimes called a one-click attack or session riding. This type of attack sends unauthorized requests from a user that the website trusts.

Suppression of WebSEAL and back-end server identity

Disabling HTTP methods
You can block the use of HTTP methods to request local or remote resources, reducing the server's exposure to attack.

Platform for Privacy Preferences (P3P)

Proxy Protocol Support
The PROXY protocol provides a convenient way to safely transport connection information, such as a client's address, across multiple layers of NAT or TCP proxies.

Client IP Rules
Sometimes it is desirable to restrict access to the Web server based on the IP address of the client that is attempting to access the server.
Parent topic: Configuration