Securing Network Communication

Keeping your AM instances safe from both internal and external attacks is paramount, but it is also a challenge when you cannot control who connects to your instances.

For example, a client could send unprotected credentials in an HTTP Authorization header. Even if AM were to reject the request, the credentials would already be leaked to any eavesdroppers.

The best way to protect your environment is to enforce the use of secure HTTPS communication.

The following table summarizes best practices about network security in AM environments:

TaskResources

Enforce Secure Connections

Secure connections between AM and the rest of your platform, whether it is DS servers or your applications.

"Preventing Insecure HTTP and LDAP Connections"

Use a Reverse Proxy

Configure AM behind a reverse proxy. This will protect AM against DoS attacks and restrict access to AM and its endpoints to networks you trust.

"Configuring AM Behind a Reverse Proxy"

Configure CORS filters

Configure a CORS filter such that only your trusted clients and applications can make cross-domain calls to your AM instances.

"Configuring CORS Support"

Adjust AM's Cookie Domain

Configure AM cookie domain so that AM communicates with the hosts in the required domains and sub-domains.

"Configuring the Cookie Domain"

Learn about the CSRF Protection Filter for REST endpoints

By default, AM protects its /json endpoints using a header filter.

"Cross-Site Request Forgery (CSRF) Protection"
Read a different version of :