Securing Network Communication
Keeping your AM instances safe from both internal and external attacks is paramount, but it is also a challenge when you cannot control who connects to your instances.
For example, a client could send unprotected credentials in an HTTP Authorization header. Even if AM were to reject the request, the credentials would already be leaked to any eavesdroppers.
The best way to protect your environment is to enforce the use of secure HTTPS communication.
The following table summarizes best practices about network security in AM environments:
| Task | Resources |
|---|---|
| **Enforce secure connections.** Secure the connections between AM and the rest of your platform, whether that is DS servers or your applications. | "Preventing Insecure HTTP and LDAP Connections" |
| **Use a reverse proxy.** Deploy AM behind a reverse proxy. This helps protect AM against DoS attacks and lets you restrict access to AM and its endpoints to networks you trust. | |
| **Configure CORS filters.** Configure a CORS filter so that only your trusted clients and applications can make cross-domain calls to your AM instances. | "Configuring CORS Support" |
| **Adjust AM's cookie domain.** Configure the AM cookie domain so that AM communicates only with hosts in the required domains and sub-domains. | "Configuring the Cookie Domain" |
| **Learn about the CSRF protection filter for REST endpoints.** By default, AM protects its | "Cross-Site Request Forgery (CSRF) Protection" |