webApp.secure overview
The webApp.secure environment we used is summarized in this section.
webApp.secure was positioned between the application server on z/OS® and the Internet-facing network firewall (Firewall 2 in Figure 1). It accepted all client connections and validated their requests before allowing them to be processed by the application server through a separate connection.
Request validation, along with the isolation provided by a separate connection, meant the application server communicated with a single, trusted client: webApp.secure. It never accepted connections or processed requests from an untrusted source.
The Internet-facing network firewall limited incoming traffic to standard HTTP TCP port(s). webApp.secure accepted client connections that passed through the network firewall on the standard HTTP TCP port(s). Requests from the client were evaluated by webApp.secure to ensure they conformed to the Intended Use Guidelines (IUG) (see the guidelines at webScurity, Inc.'s Web site: http://www.webscurity.com/products.htm), the HTTP specification, and user-defined policies.
HTTP specifications and user-defined policies are defined in the webApp.secure WAProperties.xml file (see WAProperties.xml).